A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue was discovered in zeek version 4.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing. Rated high severity (CVSS 7.0).