An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A directory traversal vulnerability was discovered in Pagure server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A vulnerability was discovered in Pagure server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Znuny before 7.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS - prior to and including 82000747_AA, build date. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision Technologies Pvt. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed by restricting options offered on a locked device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A file quarantine bypass was addressed with additional checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved input sanitization. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed through improved state management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The issue was addressed with improved memory handling. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The issue was addressed with improved input sanitization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved input sanitization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An input validation issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A correctness issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with additional permissions checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logging issue was addressed with improved data redaction. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A privacy issue was addressed by removing sensitive data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The issue was addressed with improved authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.