The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity.
The Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
serve-static serves static files. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Send is a library for streaming files from the file system as a http response. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Express.js minimalist web framework for node. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.