Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions.

An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.

Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.

File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload.

Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions.

In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).