Phone Shop Sales Management System version 1.0 suffers from a remote shell upload vulnerability.
Cisco RV-series routers suffer from an authentication bypass vulnerability. The RV34X series are also affected by a command injection vulnerability in the sessionid cookie, when requesting the /upload endpoint. A…
Discourse version 2.7.0 suffers from a 2FA bypass via a rate limiting bypass vulnerability.
Microsoft Diaghub suffers from a privilege escalation vulnerability.
WordPress RSS for Yandex Turbo plugin version 1.29 suffers from a persistent cross site scripting vulnerability.
Multilaser Router RE018 AC1200 suffers from a cross site request forgery vulnerability.
Fast PHP Chat version 1.3 suffers from a remote SQL injection vulnerability.
This is a shell upload exploit for rconfig versions 3.9.6 and below. It is a variant of the flaw discovered in the same version by Murat Seker in March of 2021.
RemoteClinic 2 suffers from multiple cross site scripting vulnerabilities.
Hasura GraphQL version 1.3.3 suffers from a server-side request forgery vulnerability.