@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

SQLi vulnerability in Starshop component for Joomla.

SQLi vulnerability in S5 Register module for Joomla.

SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.

A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.

A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.

A reflected XSS vulnerability was discovered in the Quickform component for Joomla.

A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla.

Unauthenticated LFI/SSRF in JCDashboards component for Joomla.

SQLi vulnerability in LMS Lite component for Joomla.

A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.

A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.

There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.

There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. 

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.