In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.
A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Softaculous Webuzo contains a command injection in the password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Craft is a content management system (CMS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Memory request logic vulnerability in the memory module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.