An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim.
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however.
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.