VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SvelteKit is a web development framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Moby is an open source container framework developed by Docker Inc. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.