In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
PHP object injection in ProfileGrid WordPress plugin versions up to 5.9.4.3 allows authenticated attackers to execute arbitrary code through unsafe deserialization of user-controlled data. With CVSS 8.8 severity and only low-privilege authentication required, this CWE-502 vulnerability enables full site compromise. EPSS exploitation probability is low (0.23%, 45th percentile) and no active exploitation or public POC is confirmed, though Patchstack has documented the vulnerability in their WordPress plugin security database.
PHP object injection in Events Calendar for GeoDirectory plugin versions through 2.3.14 enables authenticated attackers with low-privilege access to execute arbitrary PHP code by injecting malicious serialized objects. The CVSS 8.8 score reflects network-based exploitation requiring only low-level authentication, with no user interaction needed. EPSS score of 0.23% (45th percentile) indicates low observed exploitation probability, and no CISA KEV listing confirms this is not yet actively exploited in the wild. Patchstack database reports this as a confirmed deserialization vulnerability (CWE-502) in the WordPress plugin ecosystem.
A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Arbitrary file deletion in Helloprint WordPress plugin versions up to 2.0.7 allows remote unauthenticated attackers to delete critical files via path traversal, causing denial of service. CVSS 8.6 with Changed scope indicates impact beyond the vulnerable component. EPSS score of 0.19% (41st percentile) suggests low current exploitation probability. Reported by Patchstack audit team with technical details available in their vulnerability database.
OpenZiti is a free and open source project focused on bringing zero trust to any application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL injection in Doctor Appointment Booking WordPress plugin versions up to 1.0.0 allows authenticated attackers with low-level privileges to extract sensitive database information and potentially cause availability disruption. The vulnerability enables scope change, meaning attackers can access resources beyond their authorized privilege level to read high-sensitivity data. With EPSS probability at 0.12% (31st percentile) and no evidence of active exploitation or public exploit code, this represents a moderate real-world risk primarily for sites where low-privileged user accounts (subscriber/contributor roles) exist.
There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
OpenZiti is a free and open source project focused on bringing zero trust to any application. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Local file inclusion in WP Vehicle Manager 3.1 and earlier allows remote unauthenticated attackers to read arbitrary files on the server or potentially execute code via PHP file inclusion. Classified as CWE-98 (PHP Remote File Inclusion) but exploits local file paths. EPSS score of 0.30% (53rd percentile) indicates below-average exploitation probability, with no CISA KEV listing or confirmed active exploitation. Patchstack vulnerability database confirms the issue affects arbitrary shortcode execution paths, suggesting exploitation requires specific WordPress shortcode processing contexts.
Path traversal in WizShop plugin versions through 3.0.2 enables remote attackers to include arbitrary PHP files from the local filesystem, potentially achieving remote code execution. Despite the high CVSS score (8.1), this vulnerability shows low real-world exploitation probability with EPSS at 0.22% (45th percentile). The attack complexity is rated HIGH (AC:H), requiring specific conditions to successfully exploit. No active exploitation confirmed; not listed in CISA KEV, and no public proof-of-concept identified at time of analysis.
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in the Ansible aap-gateway. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information disclosure may occur due to improper permission and access controls to Video Analytics engine. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in grub2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in the HFS filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing input message passed from FE driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while reading a value from a buffer controlled by the Guest Virtual Machine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in display driver while detaching a device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Memory corruption may occur while accessing a variable during extended back to back tests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption may occur during communication between primary and guest VM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption may occur while validating ports and channels in Audio driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption may occur due to improper input validation in clock device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption may occur during the synchronization of the camera`s frame processing pipeline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory corruption while processing command in Glink linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.