The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
8.8CVSS
8.5AI Score
0.001EPSS
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID...
7.7AI Score
0.833EPSS
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid...
8.7AI Score
0.002EPSS