The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality.

The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.

The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.

The cforms2 plugin before 10.2 for WordPress has XSS.

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.