Author: Cyberthreat Blog

XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.

cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is source without checking that the local directory is writable by non-root users.

The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).

The Duplicator plugin in WordPress before 0.5.10 allows remote authenticated users to create and download backup files.

The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.