Qognify VMS Client Viewer version 7.1 suffers from a local privilege escalation vulnerability via DLL hijacking.
fdb1bbc1d16c28cae32902f7d1fe190a3d993b678a937d26c6c7a57c07f09736
Craft CMS version 3.7.36 suffers from a password reset poisoning vulnerability. An unauthenticated attacker who knows valid email addresses or account names of Craft CMS backend users is able to manipulate the password reset functionality in a way that the registered users of the CMS receive password reset emails containing a malicious password reset link.
de06127d774e506b909f777e221d9940b8410ddd11923cc82b9c59ebc88211e5