A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.