Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stripe CLI is a command-line tool for the Stripe eCommerce platform. Rated high severity (CVSS 7.0). This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Tablet Windows User Interface Application Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
Windows NT OS Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Skype Extension for Chrome Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
.NET and Visual Studio Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Visual Studio Code Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Microsoft Defender for Endpoint Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Microsoft Word Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Microsoft Office Word Tampering Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Windows Common Log File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Windows Media Center Update Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Media Foundation Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Windows HTML Platforms Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.
Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Media Foundation Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.