An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker (with network access to the admin interface) to disrupt system availability or potentially compromise the confidentiality and integrity of the system.

A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to address this issue. It is recommended to upgrade the affected component.

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component.

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload.

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.

A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to sql injection (Union). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to sql injection (Error). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party.

The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.

The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.