Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Logpoint before 7.7.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Logpoint before 7.7.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Permission control vulnerability in the startup recovery module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.3.8.0; Remote Desktop Manager: through 2025.3.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
UAF vulnerability in the screen recording framework module. Rated medium severity (CVSS 6.4). No vendor patch available.
File upload vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Identity authentication bypass vulnerability in the Gallery app. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the print module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.
UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Permission control vulnerability in the Wi-Fi module. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Privilege Management vulnerability in Apache Kvrocks.9.0 through v2.13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks.0.0 through 2.13.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the Notepad module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Permission control vulnerability in the App Lock module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Kivitendo before 3.9.2 allows XXE injection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Configuration defect vulnerability in the file management module. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.