A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands,. Rated medium severity (CVSS 6.4). No vendor patch available.
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
The HTML5 Video Player - mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Keycloak. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SAP GUI for Java saves user input on the client PC to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
SAP GUI for Windows stores user input on the client PC to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.