A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. Rated medium severity (CVSS 6.7). No vendor patch available.
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during the network scan request. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Saltcorn is an extensible, open source, no-code database application builder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information disclosure while sending implicit broadcast containing APP launch information. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
InvenTree is an Open Source Inventory Management System. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Stylemix uListing ulisting.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CreateWiki is an extension used at Miraheze for requesting & creating wikis. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In wlan driver, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. Rated medium severity (CVSS 4.4). No vendor patch available.
Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In m4u, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In m4u, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vdec, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.