Active Directory Federation Server Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Console Window Host Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.
Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.
Windows AD FS Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Active Directory Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. Rated medium severity (CVSS 4.7). No vendor patch available.
Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.7). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Intune Management Extension Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.2).
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.