Confluence Server 7.12.4 – ‘OGNL injection’ Remote Code Execution (RCE) (Unauthenticated)
BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability.
WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated)
Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated)
Projectsend r1295 – ‘name’ Stored XSS
Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated)
Strapi 3.0.0-beta – Set Password (Unauthenticated)
MySQL User-Defined (Linux) x32 / x86_64 – ‘sys_exec’ Local Privilege Escalation (2)
Usermin 1.820 – Remote Code Execution (RCE) (Authenticated)
Bus Pass Management System 1.0 – ‘viewid’ SQL Injection