#windows

ExcessWeb and Network CMS version 4.0 suffers from a database disclosure vulnerability.

Evsanati Radyo version 1.0 suffers from an ignored default credential vulnerability.

Event Locations CMS version 1.0.1 suffers from a cross site scripting vulnerability.

Erim Upload version 4 suffers from a database disclosure vulnerability.

E-partenaire LMS version 1.0.0 suffers from a cross site scripting vulnerability.

EMH CMS version 0.1 suffers from a cross site scripting vulnerability.

Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.

Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared

DVWA v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at blind\source\high.php.