Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IRC5 exposes an ftp server (port 21). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Invoice). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.