In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A flaw was found in openshift-gitops-operator-container. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
The WS Form LITE - Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Mailcow through 2024-11b has a session fixation vulnerability in the web panel. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
D-Link DSR series business routers (DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N) with firmware 3.13 through 3.17B901C contain a buffer overflow that allows unauthenticated remote code execution. The entire DSR business router product line is affected.
An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.5% and no vendor patch available.
A Local Code Injection Vulnerability exists in the product and version listed above. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A Local Code Execution Vulnerability exists in the product and version listed above. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A denial-of-service vulnerability exists in the affected products. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Credential Exposure Vulnerability exists in the above-mentioned product and version. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local. Rated high severity (CVSS 7.8). No vendor patch available.
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.