Kentico CMS version 9.0-12.0.49 suffers from a persistent cross site scripting vulnerability.
>> ARCHIVE: 2020-10
openMAINT version 1.1-2.4.2 suffers from an arbitrary file upload vulnerability.
DynPG version 4.9.1 suffers from a persistent cross site scripting vulnerability.
Sage DPW versions 2020_06_000 and 2020_06_001 suffer from cross site scripting and unauthenticated malicious file upload vulnerabilities.
JioChat for Android has an issue where a caller can cause the callee device to send audio without user interaction.
Battle.Net 1.27.1.12428 – Insecure File Permissions
berliCRM 1.0.24 – ‘src_record’ SQL Injection
Cisco ASA and FTD 9.6.4.42 – Path Traversal
Liman 0.7 – Cross-Site Request Forgery (Change Password)
MedDream PACS Server 6.8.3.751 – Remote Code Execution (Unauthenticated)