SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.
A vulnerability was found in gnuboard5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.