Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. Rated high severity (CVSS 7.8). No vendor patch available.
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.
Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.