A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).11.7, 3.11.8, 4.1.2,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108.php/display/database/. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeies Pvt Ltd Provide Forex Signals provide-forex-signals allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd OS Pricing Tables os-pricing-tables allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd OS BXSlider os-bxslider allows Stored XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd OS Our Team os-our-team allows Stored XSS.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MartyThornley Photographer Connections photographer-connections allows Stored XSS.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maximilian Ruthe Mage Front End Forms mage-forms allows Stored XSS.1.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sohelwpexpert WP Responsive Video my-wp-responsive-video allows DOM-Based XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Santhosh veer Stylish Internal Links stylish-internal-links allows DOM-Based XSS.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in verkkovaraani Print PDF Generator and Publisher nopeamedia allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Extensions AA Audio Player aa-audio-player allows DOM-Based XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JavierMendezPWG SimpleGMaps simplegmaps allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RobertoAlicata ra_qrcode ra-qrcode allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linear Oy Linear linear allows DOM-Based XSS.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladislav Urchenko Drozd - Addons for Elementor drozd-addons-for-elementor allows Stored XSS.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Stored XSS.6.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clipboard Agency Copy Anything to Clipboard copy-the-code allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.
Incorrect object recycling and reuse vulnerability in Apache Tomcat.0.0, 10.1.31, 9.0.96. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A NULL pointer dereference in the component libPdfCore.dll of Wondershare PDF Reader v1.0.9.2544 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The DVC from TRCore encrypts files using a hardcoded key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
GLPI is a free asset and IT management software package. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.