Linux stable versions 5.4 and 5.10 suffer from a page use-after-free via stale TLB caused by an rmap lock not being held during PUD move.
Various versions of Bitbucket Server and Data Center are affected by an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive endpoint creates an archive of the repository, leveraging…
Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)
Aero CMS v0.0.1 – SQLi
WordPress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS)
WordPress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS)
Teleport v10.1.1 – Remote Code Execution (RCE)
TP-Link Tapo c200 1.1.15 – Remote Code Execution (RCE)
Feehi CMS 2.1.1 – Remote Code Execution (RCE) (Authenticated)
WiFiMouse version 1.8.3.4 suffers from a remote code execution vulnerability.