Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Craft CMS before 3.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.