Pillow has multiple out-of-bounds reads in `libImaging/FliDecode.c`.

A specially crafted sequence of `HTTP/2` requests sent to Apache Tomcat could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent `HTTP/2` connections, the server could become unresponsive.

In `libImaging/Jpeg2KDecode.c` in Pillow there are multiple out-of-bounds reads via a crafted JP2 file.

In `libImaging/PcxDecode.c` in Pillow, an out-of-bounds read can occur when reading PCX files where `state->shuffle` is instructed to read beyond `state->buffer`.

In `libImaging/SgiRleDecode.c`, a number of out-of-bounds reads exist in the parsing of SGI image files.

In Pillow there are two Buffer Overflows in `libImaging/TiffDecode.c`.

Magento and earlier and earlier (see note) and earlier and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Magento has a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.

Magento has an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

In Limdu, the `trainBatch` function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Magento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Magento has a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Magento has a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Magento has a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

An issue was discovered in the acf-to-rest-api plugin for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a `wp-json/acf/v3/options/` request that reads sensitive information in the `wp_options` table, such as the login and password values.

Magento has a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Magento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Magento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Magento has a business logic error vulnerability. Successful exploitation could lead to privilege escalation.

Magento has an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

An issue was discovered in the jsrsasign package for Node.js. It allows for malleability in ECDSA signatures by not checking overflows in the length of a sequence and `0` characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

A vulnerability was found in Keycloak where every Authorization URL that points to an IDP server lacks proper input validation. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.

An issue was discovered in the jsrsasign package for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending `\0` bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.

An issue was discovered in the jsrsasign package for Node.js. Its RSA-PSS implementation does not detect signature manipulation/modification by prepending `\0` bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.

The `modules\users\admin\add_user.php` in NukeViet suffers from CSRF which may allow attackers to trick victim administrators into adding a user account via the `admin/index.php?nv=users&op=user_add` URI.

Tendenci allows unrestricted deserialization in `apps\helpdesk\views\staff.py`.

The `modules\users\admin\edit.php` in NukeViet suffers from CSRF which may allow attackers to change a user's password via the `admin/index.php?nv=users&op=edit&userid=` URI. This is due to the old password not being required during the change password function.

`clearsystem.php` in NukeViet allows CSRF with resultant HTML injection via the `deltype` parameter to the `admin/index.php?nv=webtools&op=clearsystem` URI.

When using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

WooCommerce when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via `includes/admin/importers/class-wc-product-csv-importer-controller.php`.

Sensitive information written to a log file vulnerability was found in `jaegertracing/jaeger` when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.

Apache Archiva login service is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

Open-iSCSI rtslib-fb has weak permissions for `/etc/target/saveconfig.json` because `shutil.copyfile` (instead of `shutil.copy`)` is used, and thus permissions are not preserved.

The `mergeObjects` utility function is susceptible to Prototype Pollution.

A client side enforcement of server side security vulnerability exists in rails and rails ActiveStorage's S3 adapter that allows the `Content-Length` of a direct file upload to be modified by an end user bypassing upload limits.

Strapi could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.

Apache Archiva login service is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

A CSRF vulnerability exists in Rails' rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

A reflected cross-site scripting (XSS) vulnerability in Dolibarr allows remote attackers to inject arbitrary web script or HTML into `public/notice.php`.

An SQL injection vulnerability in `accountancy/customer/card.php` in Dolibarr allows remote authenticated users to execute arbitrary SQL commands via the `id` parameter.

A directory traversal vulnerability in EC-CUBE allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

A deserialization of untrusted data vulnernerability exists in rails that can allow an attacker to unmarshal user-provided objects in `MemCacheStore` and `RedisCacheStore` potentially resulting in an RCE.

The `x/text` package contains a vulnerability in `encoding/unicode` that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with `UseBOM` or `ExpectBOM` to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to `golang.org/x/text/transform.String`.

MJML contains a path traversal vulnerability when processing the `mj-include` directive within an MJML document.

When HTML is sanitized using the 'relaxed' config with sanitize, or a custom config that allows certain elements, some content in a `math` or `svg` element may not be sanitized correctly.