Gym Management System versions up to 1.0 is affected by cross-site request forgery (csrf) (CVSS 3.5).
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. [CVSS 3.7 LOW]
Path traversal in Blossom up to version 1.17.1 file upload functionality allows authenticated remote attackers to access arbitrary files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
The Beetel 777VR1 router's SSH/Telnet service contains insecure default initialization that allows local network attackers to achieve partial compromise of confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not released patches despite early notification. Affected devices running firmware version 01.00.09 and earlier require isolation from untrusted local networks until a security update becomes available.
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. [CVSS 3.5 LOW]
Watsonx.Data versions up to 2.2.1 is affected by unrestricted upload of file with dangerous type (CVSS 3.8).
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. [CVSS 3.7 LOW]
Edge Chromium contains a vulnerability that allows attackers to disclosure of stored autofill data such as addresses, email, or phone number met (CVSS 3.1).