A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
:Vulnerability of insufficient data length verification in the DFA module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Stack-based buffer overflow vulnerability in the dms_fwk module. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of insufficient data length verification in the HVB module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of insufficient data length verification in the partition module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the register configuration of the DMA module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Race condition issue occurring in the physical page import process of the memory management module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The FileBird - WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 6.4.8 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Tournament Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘field’ parameter in all versions up to, and including, 1.3.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘thumbnailHoverEffect’ parameter in all versions up to, and including, 1.2.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all versions up to, and including, 8.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
Input verification vulnerability in the home screen module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of insufficient information protection in the media library module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of returning released pointers in the distributed notification service. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.
Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.
Permission control vulnerability in the distributed clipboard module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Deserialization vulnerability of untrusted data in the ability module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Issue of inconsistent read/write serialization in the ad module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
4C Strategies Exonaut before v22.4 was discovered to contain an access control issue. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of inadequate packet length check in the BLE module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the location service module. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Race condition vulnerability in the kernel hufs module. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of using incompatible types to access resources in the location service. Rated medium severity (CVSS 4.5). No vendor patch available.
Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Improper array index verification vulnerability in the audio codec module. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Out-of-bounds array access vulnerability in the ArkUI framework. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.