Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This affects the package edge.js before 5.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
http4s is an open source scala interface for HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Butter is a system usability utility. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
jsuites is an open source collection of common required javascript web components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.