Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Wings is Pterodactyl's server control plane. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable.
A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.