Source
CVE
The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.
Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.
Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode.
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.