Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Shopware is an open source e-commerce software platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.
Shopware is an open source e-commerce software platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Lexmark products through 2022-02-10 have Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.