A persistent XSS vulnerability exists in the user account creation process in Liferay Portal. The vulnerability is due to insufficient input validation of the firstName, middleName and lastName parameters. Successful exploitation could allow the attacker to inject arbitrary script code into a user profile.
Category Archives: Checkpoint
Tiki-Wiki CMS Calendar Remote Command Execution
A remote command injection vulnerability exists in Tiki-Wiki CMS’s calendar module. By exploiting this vulnerability, a remote attacker can execute arbitrary code on the affected server.
LibreOffice RTF parser Use After Free (CVE-2016-4324)
A use-after-free vulnerability exists in the RTF parser of the LibreOffice office suite. The vulnerability is due to invalid parsing of stylesheets in RTF files. By enticing the user to open a specially crafted RTF file, an attacker could exploit this vulnerability to execute arbitrary code on the affected system.
Nagios XI SQL Injection
An SQL injection vulnerability exists in Nagios XI. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Nagios XI Command Injection
A command injection vulnerability exists in Nagios XI. Successful exploitation will result in arbitrary command execution with root privileges.
D-Link DCS-930L Authenticated Remote Command Execution
A command execution vulnerability exists in D-Link DCS-930L. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.
WordPress WP Live Chat Support Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress WP Live Chat Support Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system.
WordPress All In One SEO Pack Plugin Cross-site Scripting
A cross-site scripting vulnerability exists in WordPress All In One SEO Pack plugin. Successful exploitation of this vulnerability would allow a remote attacker to insert malicious code into the affected system.
Microsoft Edge Memory Corruption (MS16-085: CVE-2016-3264)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to an error in the way Microsoft Edge accesses objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would allow attackers to execute code on the target system.
Microsoft Scripting Engine Information Disclosure (MS16-085: CVE-2016-3271)
An information disclosure vulnerability exists in Microsoft Edge. The vulnerability is due to the way VBScript improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web page with an affected version of Microsoft Edge.