A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.
In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.