Craft CMS versions up to 3.1.7 are missing rate limiting on password validations.
>> CATEGORY: exploit
ham3d version 1.1 suffers from information disclosure and default credential vulnerabilities.
ClonOs WEB UI version 19.09 suffers from an improper access control vulnerability.
Sahi Pro version 8.x suffers from a reflective cross site scripting vulnerability.
CWP version 0.9.8.885 suffers from a persistent cross site scripting vulnerability.
Part-DB version 0.4 suffers from an authentication bypass vulnerability.
JumpStart version 0.6.0.0 suffers from a jswpbapi unquoted service path vulnerability.
Intelbras Router WRN150 version 1.0.18 suffers from a cross site request forgery vulnerability.
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON version 1.21 suffers from a remote SQL injection vulnerability.
delpino73 Blue-Smiley-Organizer version 1.32 suffers from a remote SQL injection vulnerability.