Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mauro Cordioli Assist24 Help Desk allows DOM-Based XSS.This issue affects Assist24 Help Desk: from n/a through 20150401.2.

Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through .8.

Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8.

Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.2.

Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19.

The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_zemanta_set_featured_image' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload attachment files (such as jpg, png, txt, zip), and set the post featured image.