njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
The Stock in & out WordPress plugin through 1.0.4 has a search functionality whose lowest required access level is contributor. The srch POST parameter is not validated, sanitised or escaped before being used in the echo statement, leading to a reflected XSS issue.
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.