Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.