Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.

Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog.

In Jellyfin before 10.8, stored XSS allows theft of an admin access token.

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.

Use After Free in GitHub repository vim/vim prior to 9.0.0225.

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.

A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.

Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions.

Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.

Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.

Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow.