PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)

Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure

Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)

Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF)

REDCap 11.3.9 - Stored Cross Site Scripting

WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated)

Verizon 4G LTE Network Extender - Weak Credentials Algorithm

WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)

ManageEngine ADSelfService Plus 6.1 - User Enumeration

Scriptcase 9.7 - Remote Code Execution (RCE)

Easy Appointments 1.4.2 - Information Disclosure

Zyxel NWA-1100-NH - Command Injection

WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection

Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path

Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path

Razer Sila - Command Injection

Razer Sila - Local File Inclusion (LFI)

Telesquare TLR-2855KS6 - Arbitrary File Deletion

Telesquare TLR-2855KS6 - Arbitrary File Creation

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion (LFI)

SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)

MiniTool Partition Wizard - Unquoted Service Path

binutils 2.37 - Objdump Segmentation Fault

Opmon 9.11 - Cross-site Scripting

Kramer VIAware - Remote Code Execution (RCE) (Root)

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion

qdPM 9.2 - Cross-site Request Forgery (CSRF)

minewebcms 1.15.2 - Cross-site Scripting (XSS)

Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path

KLiK Social Media Website 1.0 - 'Multiple' SQLi

Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated)

WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS

Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE)

PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) (Authenticated)

CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)

WordPress Plugin admin-word-count-column 2.2 - Local File Read

WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion

WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion

WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)

Atom CMS 2.0 - Remote Code Execution (RCE)

ImpressCMS 1.4.2 - Remote Code Execution (RCE)

WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated

ProtonVPN 1.26.0 - Unquoted Service Path

ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure

ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)

Sysax FTP Automation 6.9.0 - Privilege Escalation

Ivanti Endpoint Manager 4.6 - Remote Code Execution (RCE)

iRZ Mobile Router - CSRF to RCE

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Takeover

Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)

Apache APISIX 2.12.1 - Remote Code Execution (RCE)

Tiny File Manager 2.4.6 - Remote Code Execution (RCE)

Hikvision IP Camera - Backdoor

Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated)

Moodle 3.11.5 - SQLi (Authenticated)

VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path

Baixar GLPI Project 9.4.6 - SQLi

Tdarr 2.00.15 - Command Injection

Seowon SLR-120 Router - Remote Code Execution (Unauthenticated)