WordPress Plugin WP Sitemap Page 1.6.4 – Stored Cross-Site Scripting (XSS)

Antminer Monitor 0.5.0 – Authentication Bypass

SmartFTP Client 10.0.2909.0 – ‘Multiple’ Denial of Service

Patient Appointment Scheduler System 1.0 – Persistent/Stored XSS

Patient Appointment Scheduler System 1.0 – Unauthenticated File Upload & Remote Code Execution (RCE)

Bus Pass Management System 1.0 – ‘viewid’ Insecure direct object references (IDOR)

FlatCore CMS 2.0.7 – Remote Code Execution (RCE) (Authenticated)

OpenEMR 6.0.0 – ‘noteid’ Insecure Direct Object Reference (IDOR)

Argus Surveillance DVR 4.0 – Unquoted Service Path