In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9.

Vulnerability in Drupal Sportsleague.This issue affects Sportsleague: *.*.

Vulnerability in Drupal UEditor - 百度编辑器.This issue affects UEditor - 百度编辑器: *.*.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.

BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, t…