IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme ShopBuilder - Elementor WooCommerce Builder Addons shopbuilder.1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.9.25. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.3.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job Manager.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in WP Club Manager WP Club Manager wp-club-manager.2.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
sshpiper is a reverse proxy for sshd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes.0 versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PrestaShop is an open source e-commerce web application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
TYPO3 is an enterprise content management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability classified as problematic has been found in DedeCMS 5.7.114. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
A path handling issue was addressed with improved validation. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10),. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sylius is an open source eCommerce platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 4.7). No vendor patch available.
Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.