Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Storage Spaces Controller Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.
Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.
Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SCOM Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Windows AppContainer Elevation Of Privilege Vulnerability. Rated high severity (CVSS 7.5). This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.
Windows TCP/IP Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Exchange Server Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.
Windows Desktop Bridge Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Windows HTTP.sys Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows MSHTML Platform Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
.NET Core and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity.
Windows Fast FAT File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Bind Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Installer Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Rich Text Edit Control Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows exFAT File System Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Fast FAT File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.