The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed

The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.