In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600.

In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727.

A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.

Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation bin-stripe-donation allows Stored XSS.This issue affects Stripe Donation: from n/a through <= 1.2.5.

Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Stored XSS.This issue affects Post Carousel Slider for Elementor: from n/a through <= 1.5.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP Mermaid wp-mermaid allows Stored XSS.This issue affects WP Mermaid: from n/a through <= 1.0.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nutttaro Video Player for WPBakery video-player-for-wpbakery allows Stored XSS.This issue affects Video Player for WPBakery: from n/a through <= 1.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Elementor Button Plus fd-elementor-button-plus allows Stored XSS.This issue affects Elementor Button Plus: from n/a through <= 1.3.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 코스모스팜 – Cosmosfarm 소셜 공유 버튼 By 코스모스팜 cosmosfarm-share-buttons allows Stored XSS.This issue affects 소셜 공유 버튼 By 코스모스팜: from n/a through <= 1.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SkyBootstrap Elementor Image Gallery Plugin skyboot-portfolio-gallery allows Stored XSS.This issue affects Elementor Image Gallery Plugin: from n/a through <= 1.0.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aezaz Shaikh Countdown Timer for Elementor countdown-timer-for-elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through <= 1.3.6.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism I.T. Systems Multilevel Referral Affiliate Plugin for WooCommerce multilevel-referral-plugin-for-woocommerce allows Reflected XSS.This issue affects Multilevel Referral Affiliate Plugin for WooCommerce: from n/a through <= 2.27.

WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a remote Denial of Service because of memory corruption during scanning of a PE32 file.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons cowidgets-elementor-addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through <= 1.2.0.

Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Sparkle Elementor Kit sparkle-elementor-kit allows DOM-Based XSS.This issue affects Sparkle Elementor Kit: from n/a through <= 2.0.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pracapl Znajdź Pracę z Praca.pl znajdz-prace-z-pracapl allows DOM-Based XSS.This issue affects Znajdź Pracę z Praca.pl: from n/a through <= 2.2.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Mail Picker mail-picker allows DOM-Based XSS.This issue affects Mail Picker: from n/a through <= 1.0.15.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sergiomico SimpleSchema simpleschema-free allows DOM-Based XSS.This issue affects SimpleSchema: from n/a through <= 1.7.6.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixobe Pixobe Cartography pixobe-cartography allows DOM-Based XSS.This issue affects Pixobe Cartography: from n/a through <= 1.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows DOM-Based XSS.This issue affects Devnex Addons For Elementor: from n/a through <= 1.0.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftHopper Softtemplates For Elementor softtemplates-for-elementor allows DOM-Based XSS.This issue affects Softtemplates For Elementor: from n/a through <= 1.0.8.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rejuan Ahamed Best Addons for Elementor allows Stored XSS.This issue affects Best Addons for Elementor: from n/a through 1.0.5.