Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. Auth. It is recommended to upgrade the affected component. This could lead to local escalation of privilege with System execution privileges needed. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. A successful exploit could allow the attacker to elevate privileges to root. Patch ID: ALPS07560765; Issue ID: ALPS07560765. Envoy is an open source edge and service proxy designed for cloud-native applications. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions. VDB-224998 is the identifier assigned to this vulnerability. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions. Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. Once configured, the attacker can then register as an administrator. For more information about these vulnerabilities, see the Details section of this advisory.
This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. Auth. Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the