Carel Boss Mini 1.5.0 has Improper Access Control. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
Unauth. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.