The liveforms plugin before 3.2.0 for WordPress has SQL injection.

The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.

The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.

The events-manager plugin before 5.6 for WordPress has code injection.

The events-manager plugin before 5.6 for WordPress has XSS.

The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.

The contact-form-plugin plugin before 3.96 for WordPress has XSS.

The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.

The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.

The contact-form-plugin plugin before 3.52 for WordPress has XSS.

The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.

The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.

Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.

Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.

The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions.

In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash.