H2 Database version 1.4.199 JNI code execution exploit. This exploit utilizes the Java Native Interface to load a Java class without needing to use the Java Compiler.
>> ARCHIVE: 2021-01
Sonatype Nexus version 3.21.1 suffers from an authenticated remote code execution vulnerability.
Rocket.Chat versions 3.7.1 and below suffer from an email address enumeration vulnerability.
WordPress Plugin wpDiscuz 7.0.4 – Unauthenticated Arbitrary File Upload (Metasploit)
WordPress Plugin Autoptimize 2.7.6 – Authenticated Arbitrary File Upload (Metasploit)
dnsrecon 0.10.0 – CSV Injection
Apache Flink 1.11.0 – Unauthenticated Arbitrary File Read (Metasploit)
Cockpit Version 234 – Server-Side Request Forgery (Unauthenticated)
Online Doctor Appointment System 1.0 – Multiple Stored XSS
Life Insurance Management System 1.0 – Multiple Stored XSS