PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.