MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which allow a web page to bypass the security zone policy.
There’s a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback() from the same BindingSet, which results in a data race destroying the same BindingState.
The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse. An attacker can use this flaw to login as any user if they already can login as some user.
There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled controlled by an attacker.
Microsoft Edge suffers from a Flash click2play bypass with CObjectElement::FinalCreateObject.
PHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.
CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.
WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.
WinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.
WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.