Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through 1.9.8.
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
Memory corruption when accessing resources in kernel driver.
Memory corruption while passing pages to DSP with an unaligned starting address.
Memory corruption while preprocessing IOCTLs in sensors.
Memory Corruption when multiple threads concurrently access and modify shared resources.
Memory corruption while processing identity credential operations in the trusted application.
Memory corruption while processing a secure logging command in the trusted application.
Cryptographic issue may occur while encrypting license data.
Memory corruption while processing a video session to set video parameters.
Memory corruption while deinitializing a HDCP session.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25.
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.
A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used....
The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, t...
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbit...
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server
The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Contributor-level access and ab...