resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Pidgin before 2.14.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Dell PowerStore Versions before v2.1.1.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A vulnerability was found in SourceCodester Product Show Room Site 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in SourceCodester Product Show Room Site 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.