Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Peplink Balance Two before 8.4.0. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
A vulnerability was found in y_project RuoYi 4.7.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Intern Membership Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ffcss is a CLI interface to apply and configure Firefox CSS themes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Peplink Balance Two before 8.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.6.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar - Amelia allows Stored XSS.0.85. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll - Ajax Load More allows Stored XSS.1.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.3.28. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.34. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Winter is a free, open-source content management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
MeterSphere is a one-stop open source continuous testing platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.