An XML external entity (XXE) processing vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTTP request to the target system.

A cross-site scripting vulnerability exists in the WooCommerce WordPress plugin. This vulnerability is triggered when the WooCommerce tax rates setting incorrectly processes user-supplied data. A remote attacker may exploit this vulnerability by uploading a malicious .csv file into the application. The file then injects malicious code triggering the attack, thereby allowing the attacker to gain full control of the web server.

MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. Successfully exploiting this issue allows attackers to write to and change certain aspects of the Network Management System (NMS). This may aid in further attacks. Versions up to and including RouterOS 3.13 and 2.9.51 are vulnerable.

An out-of-bounds write vulnerability exists in ImageMagick’s convert utility. The vulnerability is due to improper handling of TIFF image data when deflating an Adobe Deflate compressed TIFF image.A remote attacker could exploit this vulnerability by providing a specially crafted TIFF image to a target.

A remote code execution vulnerability exists in PHPMailer. The vulnerability is due to lack of email address validation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

A vulnerability in the Winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have additional impact via a request to download the router’s DLLs or plugins.

A cross-site scripting vulnerability exists in the WooCommerce WordPress plugin. This vulnerability is triggered when the WooCommerce tax rates setting incorrectly processes user-supplied data. A remote attacker may exploit this vulnerability by uploading a malicious .csv file into the application. The file then injects malicious code triggering the attack, thereby allowing the attacker to gain full control of the web server.

Multiple vulnerabilities exist in Joomla, allowing a remote attacker to upload a malicious file. Successful exploitation could result in the execution of arbitrary code in the security context of the web server.

An SQL injection vulnerability exists in the WordPress Answer My Question Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

A PHP code execution vulnerability exists in SugarCRM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.