Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An OS command injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CSRF in Dynamic Content for Elementor plugin before 2.12.5.
The caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information exposure in WP Stripe Checkout plugin through 1.2.2.37.
Authorization bypass via user-controlled key in WooCommerce Stripe Payment Gateway plugin.
An OS command injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
D-Tale is a visualizer for Pandas data structures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.