PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An integer overflow was discovered in YGOPro ygocore v13.51. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
In GLPI before version 9.5.0, the encryption algorithm used is insecure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in WildFly Elytron version 1.11.3.Final and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
GE Digital APM Classic, Versions 4.4 and prior. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.