Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data.

Phpgurukul Human Metapneumovirus (HMPV) – Testing Management System v1.0 is vulnerable to SQL Injection in /patient-report.php via the parameter searchdata..

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.

LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges.

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly enco…

Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter.

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter.