Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3.

Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access.

Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access.

Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.

Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.

WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.