Grav CMS version 1.7.10 suffers from a server-side template injection vulnerability.
Sticky Notes and Color Widgets version 1.4.2 suffers from a denial of service vulnerability.
Backdoor.Win32.Wollf.12 malware suffers from a code execution vulnerability.
OptiLink ONT1GEW GPON version 2.1.11_X101 build 1127.190306 authenticated remote code execution exploit.
IcoFX version 2.6 .ico buffer overflow exploit with SEH and DEP bypass using JOP.
Rocket.Chat version 3.12.1 unauthenticated NoSQL injection to remote code execution exploit.
WordPress Plugin wpDiscuz 7.0.4 – Arbitrary File Upload (Unauthenticated)
Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)
Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated)
IcoFX 2.6 – ‘.ico’ Buffer Overflow SEH + DEP Bypass using JOP