SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.