The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Sylius is an open source eCommerce platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
fish is a command line shell. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Volto is a ReactJS-based frontend for the Plone Content Management System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.4.52 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.