Denial of Service in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Widoco and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
The dag-pb codec can panic when decoding invalid blocks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
Some Dahua software products have a vulnerability of unrestricted upload of file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.