MODERATE

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the ‘eventName’ function within the VCalendar component.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-25…

Snipe-IT prior to 6.0.10 is vulnerable to Improper Authentication. A user without the View and Modify License Files permission may access files uploaded to licenses as long as they have the View permission for licenses.
References

https://nvd.nist.gov…

LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance Title parameter. A patch is available and anticipated to be part of version 22.9.0.
References

https://nvd.nist.gov/vuln/detail/CVE-20…

rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker exploiting this vulnerability can use it to delete repositories and users.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3232
https://github.com/ikus060/rdi…

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect…

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37248
https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
https://labs.integrity.pt/…

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37250
https://github.com/craftcms/cms/commit/cdc9cb66d0716c9552e4113c8e426fd1a31f9516
https://labs.integrity.pt/…

Craft CMS 3.70-RC1–3.7.55.1 and 4.0.0-RC1–4.2.0.1 are vulnerable to Cross Site Scripting (XSS) via entry revisions and drafts. Versions 3.7.55.2 and 4.2.1 contain patches for this issue.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37251
https…

Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37247
https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
https://…

Impact
If LRNGrad is given an output_image input tensor that is not 4-D, it results in a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
depth_radius = 1
bias = 1.59018219
alpha = 0.117728651
beta = 0.40442705…