An attacker with admin access can install rogue applications. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.
The Toshiba printers do not implement privileges separation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Passwords are stored in clear-text logs. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Toshiba printers provide a web interface that will load the JavaScript file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Toshiba printers use XML communication for the API endpoint provided by the printer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Toshiba printers use XML communication for the API endpoint provided by the printer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Missing Authorization vulnerability in brewlabs SendPress Newsletters sendpress allows Exploiting Incorrectly Configured Access Control Security Levels.26.1.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.
Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Admin cookies are written in clear-text in logs. Rated medium severity (CVSS 4.7). No vendor patch available.
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.
Nextcloud Calendar is a calendar app for Nextcloud. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.
The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The Simple Sitemap - Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.
Nextcloud Photos is a photo management app. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.