#perl

OpenAI has new tools that give you more control over your information—although they may not go far enough.

WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue.

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

Ubuntu Security Notice 6059-1 - It was discovered that Erlang did not properly implement TLS client certificate validation during the TLS handshake. A remote attacker could use this issue to bypass client authentication.

Rollout::UI version 0.5 suffers from a cross site scripting vulnerability.

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users

The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003

The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.