Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Gradle is a build tool. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.