CMS Made Simple 2.2.15 – ‘title’ Cross-Site Scripting (XSS)
CMS Made Simple 2.2.15 – ‘title’ Cross-Site Scripting (XSS)
OTRS 6.0.1 – Remote Command Execution (2)
Cisco RV-series routers suffer from an authentication bypass vulnerability. The RV34X series are also affected by a command injection vulnerability in the sessionid cookie, when requesting the /upload endpoint. A…
Phone Shop Sales Management System version 1.0 suffers from a remote shell upload vulnerability.
Fibaro Home Center Light and Fibaro Home Center 2 versions 4.600 and below suffer from man-in-the-middle, missing authentication, remote command execution, and missing encryption vulnerabilities.
Microsoft Diaghub suffers from a privilege escalation vulnerability.
Discourse version 2.7.0 suffers from a 2FA bypass via a rate limiting bypass vulnerability.
Fast PHP Chat version 1.3 suffers from a remote SQL injection vulnerability.
Multilaser Router RE018 AC1200 suffers from a cross site request forgery vulnerability.
WordPress RSS for Yandex Turbo plugin version 1.29 suffers from a persistent cross site scripting vulnerability.