In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell BIOS contains a race condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.