Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. ...
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.
Unauthenticated Local File Inclusion in Geya <= 1.15 versions.
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6.
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,. * Pr...
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti...
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.