Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded.

examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.

It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.

Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.

WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.

wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.

Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.

Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.