From DHS/US-CERT's National Vulnerability Database
Roundcube Webmail before 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CS...
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.