follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS.3.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
vantage6-UI is the official user interface for the vantage6 server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.