A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Rated high severity (CVSS 7.0).
Dell BIOS contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Play With Docker is a browser-based Docker playground. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications access local files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sudo before 1.9.13 does not escape control characters in sudoreplay output. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Sudo before 1.9.13 does not escape control characters in log messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Discourse is an open-source messaging platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows to local attacker to access MAC address without. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.