pdfmake is an open source client/server side PDF printing in pure JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
daloRADIUS is an open source RADIUS web management application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in FastCMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Auth. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Auth. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unauth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
In windows manager service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In UscAIEngine service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Kodexplorer is a chinese language web based file manager and browser based code editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.