JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In gnss, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In battery, there is a possible escalation of privilege due to an integer overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In imgsys, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 6.3). No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
'Yahoo!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after. Rated medium severity (CVSS 5.7). No vendor patch available.
A memory leak vulnerability exists in the Linux kernel's posix_clock_open() function where allocated pccontext memory is not properly released if the clock operations open() callback returns an error. This affects Linux kernel versions including 6.9-rc1 and potentially earlier releases across all architectures. An unprivileged local attacker with standard user privileges can trigger repeated failed clock open operations to exhaust kernel memory and cause denial of service, though the extremely low EPSS score of 0.01% indicates exploitation in the wild is unlikely despite the vulnerability being patched across multiple kernel versions.
Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In battery, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android.xml of the component Backup File Handler. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In flashc, there is a possible system crash due to an uncaught exception. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.