WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross site scripting vulnerability.

PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.

Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

Postbird version 0.8.4 suffers from a javascript injection vulnerability that allows for cross site scripting and local file inclusion.

The QImage class can read out-of-bounds when reading a specially-crafted PNG file, where a tag byte offset goes out of bounds. This could potentially allow an attacker to determine values…

Pandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.

Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does…

API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.