An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.