WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.
>> ARCHIVE: 2022-09
OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.
Owlfiles File Manager version 12.0.1 suffers from local file inclusion and path traversal vulnerabilities.
PhotoSync version 4.7 suffers from a local file inclusion vulnerability.
SoX versions 14.4.2 and below suffer from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.
VIAVIWEB Wallpaper Admin suffers from remote shell upload and remote SQL injection vulnerabilities.
Blink1Control2 2.2.7 – Weak Password Encryption
Buffalo TeraStation Network Attached Storage (NAS) 1.66 – Authentication Bypass
Airspan AirSpot 5410 version 0.3.4.1 – Remote Code Execution (RCE)
Bookwyrm v0.4.3 – Authentication Bypass