An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The date picker could partially obscure security prompts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ANGLE failed to initialize parameters which lead to reading from uninitialized memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Select options could obscure the fullscreen notification dialog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Rated medium severity (CVSS 4.7). No vendor patch available.
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.