All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in quarkus-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory Corruption in WLAN HOST while fetching TX status information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory Corruption in Audio while allocating the ion buffer during the music playback. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
An app with non-privileged access can change global system brightness and cause undesired system behavior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption in Linux when the file upload API is called with parameters having large buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in Linux while calling system configuration APIs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vow, there is a possible escalation of privilege due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.