An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An improper error handling vulnerability in LabVIEW may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.
Zitadel is an open source identity management system. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.
In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
In init_data of , there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: move mmu notification mechanism inside mm lock Move mmu notification mechanism inside mm lock to prevent race. Rated high severity (CVSS 7.0).
In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
phlex is an open source framework for building object-oriented views in Ruby. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: Prevent Oops in fscache_put_cache() This function dereferences "cache" and then checks if it's IS_ERR_OR_NULL(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpf_xdp_adjust_tail() and memory type is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.