Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. [CVSS 7.5 HIGH]
Imagedirector Capture versions up to 7.6.3.25808. is affected by use of hard-coded credentials (CVSS 7.5).
Imagedirector Capture versions up to 7.6.3.25808. is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).
NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. [CVSS 7.3 HIGH]
NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. [CVSS 7.3 HIGH]
Applinx versions up to 11.1.0 is affected by improper verification of cryptographic signature (CVSS 7.3).
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. [CVSS 7.3 HIGH]
Remote code execution in BROWAN COMMUNICATIONS PrismX MX100 AP controller allows high-privileged remote attackers to upload arbitrary files and execute web shell backdoors without user interaction. This vulnerability affects administrators with elevated credentials and enables complete compromise of the affected access point. No patch is currently available to remediate this issue.
The NotificationX - FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. [CVSS 7.2 HIGH]
Business Intelligence versions up to 7.6.0.0.0 contains a vulnerability that allows attackers to unauthorized creation, deletion or modification access to critical data or all O (CVSS 7.1).
A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. [CVSS 7.1 HIGH]
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 7.1).
Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. [CVSS 7.0 HIGH]