Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.

An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.

A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component.

The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.

The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.

The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.

The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.

The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.

The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.

The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret.

The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.

The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.

The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.

The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.

The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.

The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.

The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.