In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.
Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) via certain deselect actions. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.