Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Missing Authorization vulnerability in brewlabs SendPress Newsletters sendpress allows Exploiting Incorrectly Configured Access Control Security Levels.26.1.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.
Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Admin cookies are written in clear-text in logs. Rated medium severity (CVSS 4.7). No vendor patch available.
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.
Nextcloud Calendar is a calendar app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.
The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The Simple Sitemap - Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.