The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.

The quotes-and-tips plugin before 1.20 for WordPress has XSS.

The relevant plugin before 1.0.8 for WordPress has XSS.

An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.

An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.

An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.

An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.

An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.

An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.

An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.

An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.

An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.