A buffer overflow was found in Shim in the 32-bit system. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical.php of the component Cookie Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.