A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Use After Free in GitHub repository vim/vim prior to 9.0.1858. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in DedeCMS 5.7.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Vyper is a Pythonic Smart Contract Language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Vyper is a Pythonic Smart Contract Language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Parse Server is an open source backend server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In LTE protocol stack, there is a possible missing permission check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.