A cross site scripting vulnerability has been discovered in the AIR5750 modem of the AirTies manufacturer. AirTies Air 5750 devices have XSS via the top.html productboardtype parameter.
gVisor reuses pagetables across levels without paging-structure invalidation.
WordPress Breadcrumb NavXT plugin version 6.1.0 suffers from a username disclosure vulnerability.
WordPress WebARX Website Firewall plugin version 4.9.8 suffers from bypass and cross site scripting vulnerabilities.
Microsoft Edge suffers from a sandbox escape vulnerability.
iWay Data Quality Suite Web Console version 10.6.1.ga suffers from an XML external entity injection vulnerability.
ManageEngine Desktop Central version 10.0.271 suffers from a cross site scripting vulnerability.
Rausoft ID.prove version 2.95 suffers from a remote SQL injection vulnerability.
PCProtect 4 version 8.35 suffers from a weak file permission privilege escalation vulnerability.
AppArmor has an issue where filesystem blacklisting can be bypassed by moving parents.