Backdoor.Win32.DarkKomet.gozu malware suffers from an insecure permissions vulnerability.
Linksys EA7500 version 2.0.8.194281 suffers from a cross site scripting vulnerability due to an old jQuery version.
This Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise.
Moodle 3.10.3 – ‘label’ Persistent Cross Site Scripting
Regis Inventory And Monitoring System 1.0 – ‘Item List’ Stored XSS
GetSimple CMS Custom JS Plugin 0.1 – CSRF to Persistent XSS
https://chaneang.go.th notified by IDOLSEC Team
WordPress MapifyLife plugin versions 3.3 and below suffer from a persistent cross site scripting vulnerability.
Virus.Win32.Sality.gen malware suffers from an insecure permissions vulnerability.
Ext2Fsd version 0.68 suffers from an unquoted service path vulnerability.