In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.1% and no vendor patch available.
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try. Rated medium severity (CVSS 4.2).
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.9.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
@codidact/qpixel is a Q&A-based community knowledge-sharing software. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
next-forge is a Next.js project boilerplate for modern web application. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the Report template function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CloudStack users can add and read comments (annotations) on resources they are authorised to access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.4% and no vendor patch available.
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.