Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Strawberry GraphQL is a library for creating GraphQL APIs. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM43.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM3.3, from 1.4.0-rc.0 through 1.4.0-rc.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without. Rated high severity (CVSS 7.5). This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. Rated high severity (CVSS 7.5). This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.4 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Thanh Toán Quét Mã QR Code Tự Động - MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Prisna GWT - Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials super-testimonial allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Cross-Site Scripting (XSS).5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Spreadsheet Integration - Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.
A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.