Werkzeug is a comprehensive WSGI web application library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Archer Platform 6 before 2024.04. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in LeadConnector.7. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.8.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption when the IOCTL call is interrupted by a signal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption when the channel ID passed by user is not validated and further used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when the payload received from firmware is not as per the expected protocol size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption when size of buffer from previous call is used without validation or re-initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In wlan service, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.4.3.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance.2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In keyInstall, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Ruijie RG-UAC up to 20240428. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Ruijie RG-UAC up to 20240428. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Ruijie RG-UAC up to 20240428. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.