Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound DZS Ajaxer Lite allows Stored XSS.04. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound RSVP ME allows Stored XSS.9.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in grub2. Rated medium severity (CVSS 6.4). No vendor patch available.
A flaw was found in grub2. Rated medium severity (CVSS 6.4). No vendor patch available.
A flaw was found in grub2. Rated medium severity (CVSS 6.4). No vendor patch available.
Missing Authorization vulnerability in radicaldesigns radSLIDE allows Exploiting Incorrectly Configured Access Control Security Levels.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Reflected Cross-Site Scripting (XSS) in the SMS Alert Order Notifications WordPress plugin through version 3.7.8 enables remote attackers to execute arbitrary JavaScript in victim browsers by tricking users into clicking malicious links. The vulnerability carries a CVSS score of 7.1 due to changed scope (cross-domain consequences), though exploitation requires user interaction. EPSS probability is low (0.08%, 25th percentile), indicating limited observed exploitation activity. No CISA KEV listing confirms active widespread exploitation, though Patchstack's vulnerability database disclosure suggests the flaw may be targeted in WordPress-specific attack campaigns.
Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activate_process via the akey parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An integer overflow flaw was found in the BFS file system driver in grub2. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager allows Reflected XSS.0. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
aes-gcm is a pure Rust implementation of the AES-GCM. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.
A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Transient DOS can occur while processing UCI command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS during hypervisor virtual I/O operation in a virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while deriving keys for a session for any Widevine use case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A stack overflow flaw was found when reading a BFS file system. Rated medium severity (CVSS 4.1). No vendor patch available.
In apu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Tuleap is an open-source suite designed to improve software development management and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
/api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
While processing the authentication message in UE, improper authentication may lead to information disclosure. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in i-Drive i11 and i12 up to 20250227. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability classified as problematic was found in FITSTATS Technologies AthleteMonitoring up to 20250302. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal.2.11. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.