Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In display drm, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In netdagent, there is a possible information disclosure due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In keyInstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In bluetooth service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In battery, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In battery, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In battery, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In keyInstall, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In keyInstall, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In battery, there is a possible information disclosure due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In battery, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In battery, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable.
A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.
A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Rust EVM is an Ethereum Virtual Machine interpreter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
PrestaShop is an open-source e-commerce platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PrestaShop is an open-source e-commerce platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.
OTCLient is an alternative tibia client for otserv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic.php of the component Quiz Handler. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.