LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.

A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.

Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service.