Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via an email link.

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka ‘Outlook for Android Spoofing Vulnerability’.

ASH-AIO before 2.0.0.3 allows an open redirect.

Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via a user-api OTP.

yard before 0.9.20 allows path traversal.

parse-server before 3.6.0 allows account enumeration.

parse-server before 3.4.1 allows DoS after any POST to a volatile class.

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.
