Citrix Application Delivery Controller and Gateway contain a directory traversal vulnerability allowing unauthenticated remote code execution, known as 'Shitrix', that triggered a global exploitation crisis in January 2020.
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.