File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.

Improper Access Control in GitHub repository microweber/microweber prior to 2.0.

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.

Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.