Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.
Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. ...
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.
Unauthenticated Local File Inclusion in Geya <= 1.15 versions.
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.