Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.5%.
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.