An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp.

SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.

A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.

The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.

The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.

The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.

The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.

The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.

The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.

The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.

The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.

The wp-editor plugin before 1.2.6 for WordPress has CSRF.

The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.

The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.

The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.

The google-document-embedder plugin before 2.6.2 for WordPress has XSS.

The google-document-embedder plugin before 2.6.1 for WordPress has XSS.

The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.