The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Use After Free in GitHub repository vim/vim prior to 9.0.1858. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Parse Server is an open source backend server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In LTE protocol stack, there is a possible missing permission check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wlan service, there is a possible command injection due to improper input validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade PixTypes pixtypes allows DOM-Based XSS.4.15. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.