A session token vulnerability has been discovered in VestaCP version 0.9.8-26. The vulnerability allows remote attackers to gain unauthenticated or unauthorized access by client-side token manipulation.
Perfex CRM version 2.4.4 suffers from a persistent cross-site scripting vulnerability.
CCt99 Chichen Tech CMS version 1.0 suffers from a remote SQL injection vulnerability.
Super Backup version 2.0.5 for iOS suffers from a directory traversal vulnerability.
CMS Made Simple 2.2.15 – Stored Cross-Site Scripting via SVG File Upload (Authenticated)
Laravel Nova 3.7.0 – ‘range’ DoS
Forma LMS 2.3 – ‘First & Last Name’ Stored Cross-Site Scripting
Savsoft Quiz 5 – ‘field_title’ Stored Cross-Site Scripting
Chromium 83 – Full CSP Bypass
Testa Online Test Management System 3.4.7 – ‘q’ SQL Injection