WBCE CMS version 1.5.2 authenticated remote code execution exploit.

This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization. An API request to “/data-service/users/[userid]” with any low-authority user…

WAGO 750-8xxx PLC versions prior to Firmware 20 Patch 1 (v03.08.08) suffer from denial of service and user enumeration vulnerabilities.

Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp…

Voltage SecureMail Server versions prior to 7.3.0.1 suffer from a business logic bypass vulnerability.

Shopmetrics Mystery Shopping Software SaaS platform versions before v21-11 suffer from broken access control and cross site scripting vulnerabilities.

Feberr version 12.7 suffers from a remote shell upload vulnerability.

Vivellio version 1.2.1 suffers from a user account enumeration vulnerability.