GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Academy LMS 6.2 on Windows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Strapi is an open-source headless content management system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Webmin 2.100. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Code Injection in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SHIRASAGI is a Content Management System. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in Quay. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WS Facebook Like Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability was found in app1pro Shopicial up to 20230830. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Wasmtime is a standalone runtime for WebAssembly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Contiki-NG is an operating system for internet-of-things devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Contiki-NG is an operating system for internet-of-things devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.