Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1.

Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port.

Active debug code vulnerability exists in MZK-MF300N all firmware versions. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed.

Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file.

Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file.

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet.

VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet.

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce.This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104.

Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpress.This issue affects NewsXpress: from n/a through 1.0.7.

Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.35.

Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5.

Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov WordPress Hosting Benchmark tool.This issue affects WordPress Hosting Benchmark tool: from n/a through 1.3.6.

Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15.

Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Currency per Product for WooCommerce.This issue affects Currency per Product for WooCommerce: from n/a through 1.6.0.

Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter.This issue affects Newsletter: from n/a through 8.0.6.

Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar.This issue affects The Events Calendar: from n/a through 6.3.0.