Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.9%.
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
yetiforcecrm is vulnerable to Business Logic Errors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
yetiforcecrm is vulnerable to Business Logic Errors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Visual Basic for Applications Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
In onEventReceived of EventResultPersister.java, there is a possible intent redirection due to a confused deputy. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4).
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Microsoft Office Trust Center Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.6).
In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In (TBD) of (TBD), there is a possible out of bounds read due to memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In setNotificationsShownFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In getSigningKeySet of PackageManagerService.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.