Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in automad up to 1.10.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Keycloak's device authorization grant does not correctly validate the device code and client ID. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
journalpump is a daemon that takes log messages from journald and pumps them to a given output. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Grails is a framework used to build web applications with the Groovy programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. Rated high severity (CVSS 7.0). No vendor patch available.
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).