The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants.
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS.
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF.
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action.
The affiliates-manager plugin before 2.6.6 for WordPress has CSRF.
The JobCareer theme before 2.5.1 for WordPress has stored XSS.
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.
In SoX 14.4.2, there is an integer overflow in startread in sox-fmt.c. This can, for example, have a resultant NULL pointer dereference.
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.