CentOS Web Panel version 0.9.8.78 suffers from a persistent cross site scripting vulnerability.
Cisco RV320 / RV325 Unauthenticated Remote Code Execution
This Metasploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. It can be exploited via the WAN interface of the router, either via HTTPS on port 443 or via HTTP on port 8007 on some older firmware versions.
Masch CMStudio Banners 8.6.1 Open Redirection
Masch CMStudio Banners module version 8.6.1 suffers from an open redirection vulnerability.
WordPress Ultimate Form Builder 1.0 Database Disclosure
WordPress Form Builder plugin version 1.0 suffers from a database disclosure vulnerability.
Magento 2.3.0 SQL Injection
Magento versions 2.2.0 through 2.3.0 unauthenticated remote SQL injection exploit.
Pydio 8 Command Execution / Cross Site Scripting
Pydio 8 suffers from cross site scripting, command injection, and various other vulnerabilities.
Apple Security Advisory 2019-3-27-1
Apple Security Advisory 2019-3-27-1 – watchOS 5.2 is now available and addresses buffer overflow and code execution vulnerabilities.
[webapps] CentOS Web Panel 0.9.8.789 – NameServer Field Persistent Cross-Site Scripting
CentOS Web Panel 0.9.8.789 – NameServer Field Persistent Cross-Site Scripting
WordPress AND-AntiBounce 1.0.3 Open Redirection
WordPress AND-AntiBounce plugin version 1.0.3 suffers from an open redirection vulnerability.