Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Hotel Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Windows Print Spooler Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows Group Policy Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Defender for Endpoint Tampering Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Windows Security Account Manager (SAM) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in libguestfs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
The NFC module has a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The NFC module has a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Windows Network File System Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.