Windows TCP/IP Driver Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Outlook Memory Corruption Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Windows Portmapping Information Disclosure Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0).