Author: Cyberthreat Blog

Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.

Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.

phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.