HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter.

Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Microsoft SharePoint Server Remote Code Execution Vulnerability

Missing Authorization vulnerability in appscreo Easy Social Share Buttons.This issue affects Easy Social Share Buttons: from n/a through 9.4.

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.6.2.

The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and pages.