An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.

edx-platform before 2016-06-06 allows CSRF.

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.

The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server.

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type.

The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials

edx-platform before 2015-09-17 allows XSS via a team name.

edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

Fleet before 2.1.2 allows exposure of SMTP credentials.

stacktable.js before 1.0.4 allows XSS.

Dependency-Track before 3.5.1 allows XSS.

invenio-app before 1.1.1 allows host header injection.