NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.

The JobCareer theme before 2.5.1 for WordPress has stored XSS.

The affiliates-manager plugin before 2.6.6 for WordPress has CSRF.

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action.

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF.

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS.

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants.

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.

FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.

FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.