HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow access to administrative functions without authentication and can allow arbitrary password changes.
https://taepalai.go.th/index.htm notified by Mr.OverKiLL
https://www.mabkhapattana.go.th notified by LoliCyndrome
http://mmhs.go.th notified by Family Attack Cyber
GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020.
WordPress WP-PostRatings plugin version 1.86 suffers from a cross-site scripting vulnerability.
Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication,…
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id. It is therefore possible to pass in a value to…