Alerts

The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting...

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even...

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks

The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

Memory corruption while processing IPA statistics, when there are no active clients registered.

Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,

Memory corruption while invoking IOCTL calls to unmap the DMA buffers.

Memory corruption while processing frame command IOCTL calls.

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.