>> CATEGORY: Security

Online Covid Vaccination Scheduler System 1.0 – Arbitrary File Upload to Remote Code Execution (Unauthenticated)

Employee Record Management System 1.2 – Stored Cross-Site Scripting (XSS)

Wyomind Help Desk 1.3.6 – Remote Code Execution (RCE)

WordPress Plugin SP Project & Document Manager 4.21 – Remote Code Execution (RCE) (Authenticated)

Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated) (2)

Online Covid Vaccination Scheduler System 1.0 – ‘username’ time-based blind SQL Injection

WordPress Plugin Plainview Activity Monitor 20161228 – Remote Code Execution (RCE) (Authenticated) (2)

Black Box Kvm Extender 3.4.31307 – Local File Inclusion

Netgear DGN2200v1 – Remote Command Execution (RCE) (Unauthenticated)

Billing System Project 1.0 – Remote Code Execution (RCE) (Unauthenticated)