WordPress Simply Poll plugin version 1.4.1 suffers from a remote SQL injection vulnerability.
ef47966e67d7cfe37bcac64037fb9770922a3340d0c34e06bc26a88367e9820b
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. Versions affected include 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, and 6.1.0.
bbddbf23e1945b53856cc72ded8b1e2e1d8c44d3cf6502cc4774ffa2d0a1ea0d
PHPMailer versions prior to 5.2.20 zero day remote code execution exploit. This bypasses the CVE-2016-10033 patch.
773582183b0cfc6f38ae24f52f7dfb831cd2f3410287245bc6daea84d4d8db83
Popcorn Time version 5.6 suffers from a dll hijacking vulnerability.
883530884f216f6c68ef7fc7eb9ed28a2843523eb359a4b11af300a6969b344a