D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.9.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
dp-golang is a Puppet module for Go installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Element Android is an Android Matrix Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The Contact Form builder with drag & drop for WordPress - Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
A vulnerability was found in Nway Pro 9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
cassandra-rs is a Cassandra (CQL) driver for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Oliver POS - A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.11.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.7.1. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.