CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cross-Site Scripting issues.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1.
Legion_y520t_z370_firmware, Legion_y520t_z370, Aio310-20iap_firmware, Aio310-20iap, Aio510-22ish_firmware, Aio510-22ish, Aio510-23ish_firmware, Aio510-23ish, Aio520-22ikl_firmware, Aio520-22ikl
2022-05-04
N/A
7.8 HIGH
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.