The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.

Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.

SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check

The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.

The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.

The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.

The newstatpress plugin before 1.0.1 for WordPress has SQL injection.

The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.

The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.

The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.