Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure…

An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.

Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through <= 3.6.0.

Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.