[webapps] Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – XML External Entity Injection

[local] Daikin Security Gateway 14 – Remote Password Reset

[webapps] ERPNext 14.82.1 – Account Takeover via Cross-Site Request Forgery (CSRF)