Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
WordPress Plugin WP-UserOnline 2.87.6 – Stored Cross-Site Scripting (XSS)
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) – Remote Code Execution
Geonetwork 4.2.0 – XML External Entity (XXE)
Carel pCOWeb HVAC BACnet Gateway 2.1.0 – Directory Traversal
Asus GameSDK v1.0.0.4 – ‘GameSDK.exe’ Unquoted Service Path
Dingtian-DT-R002 3.1.276A – Authentication Bypass
rpc.py 0.6.0 – Remote Code Execution (RCE)
http://www.kalasin-pao.go.th/antidrug//images/id.gif notified by Moroccan Revolution
PCProtect Endpoint version 5.17.470 fails to provide sufficient anti-tampering protection that can be leveraged to achieve SYSTEM privileges.