A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In gnss, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In battery, there is a possible escalation of privilege due to an integer overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In imgsys, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 6.3). No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
'Yahoo!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after. Rated medium severity (CVSS 5.7). No vendor patch available.
A memory leak vulnerability exists in the Linux kernel's posix_clock_open() function where allocated pccontext memory is not properly released if the clock operations open() callback returns an error. This affects Linux kernel versions including 6.9-rc1 and potentially earlier releases across all architectures. An unprivileged local attacker with standard user privileges can trigger repeated failed clock open operations to exhaust kernel memory and cause denial of service, though the extremely low EPSS score of 0.01% indicates exploitation in the wild is unlikely despite the vulnerability being patched across multiple kernel versions.
Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In battery, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.