Weekly Vulnerabilities Reports > March 6 to 12, 2023

A File Upload vulnerability exists in AvantFAX 3.3.7.

IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation.

Memory corruption in modem due to buffer overflow while processing a PPP packet

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.

NextAuth.js is an open source authentication solution for Next.js applications.

An issue was discovered in the Arm Mali GPU Kernel Driver.

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site.

xCAT is a toolkit for deployment and administration of computer clusters.

feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java.

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction.

Goutil is a collection of miscellaneous functionality for the go language.

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic.

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free).

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9.

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions.

Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1.

A vulnerability was found in WebKit.

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser.

In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.

jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.

An issue was discovered in the Arm Mali GPU Kernel Driver.

The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action.

A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8.

A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8.

A flaw was found in the c-ares package.

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0.

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor.

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files.

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in modem due to use of out of range pointer offset while processing qmi msg

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Memory corruption in WLAN due to use after free

Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in Automotive Android OS due to improper validation of array index.

Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.

An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.

A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator.

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e.

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e.

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e.

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI.

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.

A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail.

A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin.

A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows.

A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function.

An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file.

A vulnerability was found in xiaozhuai imageinfo up to 3.0.3.

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier.

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier.

Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3.

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained.

Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout

Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.

Transient DOS due to reachable assertion in Modem while processing SIB1 Message.

Transient DOS in modem due to reachable assertion.

Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

Transient DOS due to buffer over-read in WLAN while sending a packet to device.

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages.

Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3.

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories.

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2.

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.

A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic.

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks.

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.

metersphere is an open source continuous testing platform.

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element.

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited.

REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.

Multiplication of certain unreduced P-256 scalars produce incorrect results.

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models.

An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp.

rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session.

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

A vulnerability classified as critical has been found in Zerocoin libzerocoin.

Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.

All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.

All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.

Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs.

An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26.

A vulnerability was found in Guizhou 115cms 4.2.

A vulnerability, which was classified as critical, has been found in SUL1SS_shop.

CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.

A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.

SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.

A vulnerability classified as problematic has been found in fastcms.

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical.

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

Azure/setup-kubectl is a GitHub Action for installing Kubectl.

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS.

In telephone service, there is a missing permission check.

In telephone service, there is a missing permission check.

An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.

In tinysys, there is a possible out of bounds write due to a missing bounds check.

In vow, there is a possible out of bounds write due to an incorrect bounds check.

In msdc, there is a possible out of bounds write due to an incorrect bounds check.

In pqframework, there is a possible out of bounds write due to a missing bounds check.

In thermal, there is a possible memory corruption due to an uncaught exception.

In usb, there is a possible out of bounds write due to a missing bounds check.

In usb, there is a possible out of bounds write due to a missing bounds check.

In usb, there is a possible out of bounds write due to a missing bounds check.

In widevine, there is a possible out of bounds write due to improper input validation.

In display drm, there is a possible out of bounds write due to a missing bounds check.

In ril, there is a possible out of bounds write due to a missing bounds check.

In ril, there is a possible out of bounds write due to a missing bounds check.

In ril, there is a possible out of bounds write due to a missing bounds check.

In ril, there is a possible out of bounds write due to a missing bounds check.

In ril, there is a possible out of bounds write due to a missing bounds check.

In ril, there is a possible out of bounds write due to a missing bounds check.

In ril, there is a possible out of bounds write due to a missing bounds check.

In apu, there is a possible out of bounds write due to a missing bounds check.

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.

metersphere is an open source continuous testing platform.

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances.

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page.

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server.

A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free).

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1.

An uncontrolled resource consumption flaw was found in openstack-neutron.

A flaw was found in Ceph, relating to the URL processing on RGW backends.

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.

In ion, there is a possible escalation of privilege due to improper locking.

In adsp, there is a possible double free due to a race condition.

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction.

The NEX-Forms.

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1.

A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress.

A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0.

A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic.

A vulnerability, which was classified as problematic, has been found in Hsycms 3.1.

HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability.

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user.

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.

A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic.

A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress.

A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0.

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2.

A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.

A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.

A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.

A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects.

A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.

A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5.

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0.

phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.

Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie.

A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress.

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.

PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php.

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.

Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.

quickentity-editor-next is an open source, system local, video game asset editor.

A vulnerability was found in Fastly Plugin up to 0.97 on WordPress.

A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on WordPress.

A vulnerability was found in icplayer up to 0.818.

A vulnerability was found in icplayer up to 0.819.

A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress.

Open redirect vulnerability exists in web2py versions prior to 2.23.1.

A vulnerability in the lsi53c895a device affects the latest version of qemu.

A vulnerability was found in ICEPAY REST-API-NET 0.9.

A flaw was found in samba.

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.

Information Disclosure in Graphics during GPU context switch.

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers.

In wcn service, there is a possible missing params check.

In wlan driver, there is a possible missing params check.

In wlan driver, there is a possible missing params check.

In wlan driver, there is a possible missing params check.

In wlan driver, there is a possible missing params check.

In wlan driver, there is a possible missing params check.

In wlan driver, there is a possible missing params check.

In gpu device, there is a memory corruption due to a use after free.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

In telephony service, there is a missing permission check.

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash.

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.

WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android.

A double-free memory flaw was found in the Linux kernel.

FreshRSS is a self-hosted RSS feed aggregator.

A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic.

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic.

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42.

A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202.

A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7.

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.

Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.

Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.

A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic.

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions.

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.

Directus is a real-time API and App dashboard for managing SQL database content.

A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4.

A vulnerability was found in ehuacui bbs.

The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress.

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1.

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve).

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function.

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests.

In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.

In Moodle, insufficient capability checks meant message deletions were not limited to the current user.

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic.

An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe.

A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical.

An Information Disclosure vulnerability exists in AvantFAX 3.3.7.

flarum is a forum software package for building communities.

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks.

A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter.

A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic.

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.

Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.

Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line.

Dell BIOS contains an Improper Authorization vulnerability.

NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

In keyinstall, there is a possible information disclosure due to an integer overflow.

In ril, there is a possible out of bounds read due to a missing bounds check.

In ril, there is a possible out of bounds read due to a missing bounds check.

In ril, there is a possible out of bounds read due to a missing bounds check.

In ril, there is a possible out of bounds read due to a missing bounds check.

In ril, there is a possible out of bounds read due to a missing bounds check.

In ril, there is a possible out of bounds read due to a missing bounds check.

In apu, there is a possible out of bounds read due to a missing bounds check.

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2.

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

wasmtime is a fast and secure runtime for WebAssembly.

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page.

Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page.

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page.

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension.

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page.

Directus is a real-time API and App dashboard for managing SQL database content.

thmmniii/fbs-core is an open source feedback system for students.

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI.

The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12.

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13.

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action.

Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1.

The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce.

In adsp, there is a possible escalation of privilege due to a logic error.

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19.

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer

A flaw was found in openstack-glance.

An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.