The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is an Access Control Vulnerability in some HikCentral Professional versions. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was identified in coze-studio up to 0.2.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.