Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.2.35. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 68.8% and no vendor patch available.
OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available.
The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability was found in Project Worlds Online Time Table Generator 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in WCMS 11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in GFI KerioConnect 10.0.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in GFI KerioConnect 10.0.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic has been found in WCMS 11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.
JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
gifplayer is a customizable jquery plugin to play and stop animated gifs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.0.0 before 1.24.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.0.0 before 1.10.0, from 2.0.0 before 2.0.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.0.0 before 4.1.3. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.0.0 before 1.0.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in Drupal Drupal Admin LTE theme.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify allows Upload a Web Shell to a Web Server.0.8. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in Drupal Flattern - Multipurpose Bootstrap Business Profile.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Vulnerability in Drupal Material Admin.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.