Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ZEROF Web Server 2.0 allows /admin.back XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in LemMinX in versions prior to 0.19.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Prism is a syntax highlighting library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A flaw was found in LemMinX in versions prior to 0.19.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.