Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection

Meteor subdomain takeover

Hardcoded .npmrc AuthToken

OpenStack User Secrets Exposure

Atom Package SFTP - Deployment Configuration Disclosure

MultiSafepay plugin for WooCommerce <= 4.13.1 - Unauthenticated Arbitrary File Read

Member Hero <= 1.0.9 - Unauthenticated Remote Code Execution

HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload

Travis CI Disclosure

ElasticBeanTalk Subdomain Takeover Detection

Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)

QNAP QTS Photo Station External Reference

Fortigate - Authentication bypass

Intel Active Management Technology - Authentication Bypass

Remote code execution vulnerability present in Fortinet devices

Apache Hadoop - Yarn ResourceManager Remote Code Execution

Remote code execution vulnerability present in vm2 sandbox

WP Visitor Statistics (Real Time Traffic) < 5.8 - Unauthenticated SQLi

Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi

Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference

Microstrategy Web 10.4 exposes the JVM configuration

Nirweb support < 2.8.2 - Unauthenticated SQLi

Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF

Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure

School Dormitory Management System 1.0 - SQL Injection

Dapr Dashboard - Unauthorized Access

Microsoft Exchange vulnerable to server-side request forgery and remote code execution.

GLPI - Remote Code Execution

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers