Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Builder - WordPress Theme Builder for Elementor ht-builder allows Stored XSS.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs wp-pocket-urls allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrestaProject Cresta Addons for Elementor cresta-addons-for-elementor allows Stored XSS.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Elo Rating Shortcode elo-rating-shortcode allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Knowledge Base knowledgebase allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Transient DOS while processing the CU information from RNR IE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Transient DOS while parsing BTM ML IE when per STA profile is not included. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Transient DOS while parsing fragments of MBSSID IE from beacon frame. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor accordion-title-for-elementor allows Stored XSS.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity.
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123,. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required. No vendor patch available.
In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vdec, there is a possible out of bounds read due to improper structure design. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.