[webapps] WordPress Plugin Mimetic Books 0.2.13 – 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)

[local] Daikin Security Gateway 14 – Remote Password Reset

[webapps] ERPNext 14.82.1 – Account Takeover via Cross-Site Request Forgery (CSRF)