Traffic Offense Management System 1.0 – SQLi to Remote Code Execution (RCE) (Unauthenticated)
Confluence Server 7.12.4 – ‘OGNL injection’ Remote Code Execution (RCE) (Unauthenticated)
BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability.
WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated)
Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated)
Projectsend r1295 – ‘name’ Stored XSS
Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated)
Strapi 3.0.0-beta – Set Password (Unauthenticated)
MySQL User-Defined (Linux) x32 / x86_64 – ‘sys_exec’ Local Privilege Escalation (2)
Usermin 1.820 – Remote Code Execution (RCE) (Authenticated)