Dcastalia CMS 1.2 Insecure Direct Object Reference
Dcastalia CMS version 1.2 suffers from an insecure direct object reference that allows users to access the administrative interface.
Deprixa Pro CMS version 3.2.5 appears to leave a default administrative account in place post installation.
WordPress Slider Revolution plugin version 4.6.5 suffers from a remote shell upload vulnerability.
WordPress Mega Main Menu plugin version 2.2.2 suffers from a backup disclosure vulnerability.
Online Food Ordering System version 2.0 suffers from a remote shell upload vulnerability.
Online Food Ordering System version 2.0 suffers from a remote SQL injection vulnerability.
The Mali driver tries to use the KBASE_REG_NO_USER_FREE flag to ensure that the memory region referenced by kbase_csf_tiler_heap::buf_desc_reg cannot be freed by userspace. However, this flag is only a single bit, and there can be multiple tiler heaps referencing the same memory region. This can lead to a use-after-free condition.
Linux kernel version 4.10 suffers from a use-after-free vulnerability in __do_semtimedop() due to a lockless check outside the RCU section.
MOV.AI Robotics Engine version 2.2.3-3 suffers from multiple cross site scripting vulnerabilities.
Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.