The Showbiz Pro plugin through 1.7.1 for WordPress allows PHP code execution by uploading a .php file within a ZIP archive.

The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.

Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

In the Loofah gem for Ruby through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.

The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.

The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.

The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.

Apache Traffic Server is vulnerable to HTTP/2 SETTINGS flood attacks. Earlier versions of Apache Traffic Server did not limit the number of SETTINGS frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
