Monthly
Cisco Enterprise Chat and Email (ECE) Lite Agent feature allows authenticated remote attackers with Agent role credentials to upload files containing malicious scripts or HTML, which are then served to other users without adequate content validation. Successful exploitation enables stored cross-site scripting (XSS) attacks in victim browsers. The vulnerability requires valid user credentials and Agent role privileges but no user interaction on the victim side, affecting confidentiality and integrity but not availability.
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Maho is a free and open source ecommerce platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cisco Enterprise Chat and Email (ECE) Lite Agent feature allows authenticated remote attackers with Agent role credentials to upload files containing malicious scripts or HTML, which are then served to other users without adequate content validation. Successful exploitation enables stored cross-site scripting (XSS) attacks in victim browsers. The vulnerability requires valid user credentials and Agent role privileges but no user interaction on the victim side, affecting confidentiality and integrity but not availability.
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Maho is a free and open source ecommerce platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.