pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.
Visual Studio Code Remote Development Extension 1.50 failed to sanitize the host field before using it as an argument of the ssh command, allowing to inject a ProxyCommand option which could be used to run arbitray commands.
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the `snap_file` parameter in the `/it-IT/splunkd/__raw/services/get_snapshot` HTTP API endpoint. A 'low privileged' attacker can read any file on the target host.
Telegram rlottie 6.1.1_1946 is affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.