An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in KuGou Technology CO. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Xiamen Meitu Technology Co., Ltd. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Eura7 CMSmanager in version 4.6 and below is vulnerable to Reflected XSS attacks through manipulation of return GET request parameter sent to a specific endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Relative Path Traversal vulnerability in Apache Solr. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.5% and no vendor patch available.
A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator. Rated medium severity (CVSS 6.3). No vendor patch available.
A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability classified as critical was found in needyamin image_gallery 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.