PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters "isAdmin" and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OpenSSL 1.0.2 supports SSLv2. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.