CVE

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.

Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery.This issue affects Broken Link Checker for YouTube: from n/a through 1.3.

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.