There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.