Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Microsoft Install Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Windows Authentication Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The Hubbub Lite - Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
The WP Encryption - One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WP Compress - Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.
Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
HTTP.sys Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
DHCP Server Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
DHCP Server Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A race condition was identified through which privilege escalation was possible in certain configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Windows File Server Resource Management Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions <. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.
A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in PenciDesign Soledad.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Themify Post Type Builder (PTB).0.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Contao is an open source content management system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RedisBloom adds a set of probabilistic data structures to Redis. Rated high severity (CVSS 7.0). No vendor patch available.
Windows USB Print Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.