Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.

Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message

Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft OneNote Spoofing Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

Microsoft SharePoint Server Elevation of Privilege Vulnerability