CVE

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.

Chemex through 3.7.1 is vulnerable to arbitrary file upload.

Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.