libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A path traversal vulnerability has been reported to affect Music Station. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A path traversal vulnerability has been reported to affect Music Station. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Sensitive information disclosure due to missing authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Fugu Design Maintenance Switch maintenance-switch allows Cross Site Request Forgery.7.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Gradle is a build tool with a focus on build automation and support for multi-language development. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.