forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.