The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
control of the device when an authenticated user installs malicious code into HMI product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Default credentials are used in the above listed BD Diagnostic Solutions products. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. Rated high severity (CVSS 7.3). No vendor patch available.