A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser.

A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field.

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.