An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.