alf.io is an open source ticket reservation system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.21 before 1.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.3 through 1.25.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PrestaShop is an open-source e-commerce platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The URL parameters accepted by forum search were not limited to the allowed parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.