NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by lack of access control at the function level. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.1). No vendor patch available.
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.