A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.

The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.