JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.