Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.
of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a communication. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.3). No vendor patch available.
Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
The WP Project Manager - Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.