Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code.

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting

Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue

Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.

Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.