Phone Shop Sales Management System version 1.0 suffers from a remote shell upload vulnerability.

Fibaro Home Center Light and Fibaro Home Center 2 versions 4.600 and below suffer from man-in-the-middle, missing authentication, remote command execution, and missing encryption vulnerabilities.

Microsoft Diaghub suffers from a privilege escalation vulnerability.

Discourse version 2.7.0 suffers from a 2FA bypass via a rate limiting bypass vulnerability.

Fast PHP Chat version 1.3 suffers from a remote SQL injection vulnerability.

Multilaser Router RE018 AC1200 suffers from a cross site request forgery vulnerability.

WordPress RSS for Yandex Turbo plugin version 1.29 suffers from a persistent cross site scripting vulnerability.

RemoteClinic 2 suffers from multiple cross site scripting vulnerabilities.

rconfig versions 3.9.6 and below shell upload exploit. This is a variant of the flaw discovered in the same version by Murat Seker in March of 2021.

Hasura GraphQL version 1.3.3 suffers from an arbitrary file read vulnerability.