i-Educar is free, fully online school management software. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Erlang/OTP is a set of libraries for the Erlang programming language. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). Rated low severity (CVSS 2.8). No vendor patch available.
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage. Rated low severity (CVSS 1.9). Actively exploited in the wild (cisa kev) and no vendor patch available.