As part of our ongoing research and consulting efforts, we frequently discover vulnerabilities in third-party products. Committed to enhancing the security of the digital ecosystem, we publish detailed security advisories according our vulnerability disclosure policy. You can find the full security advisories with complete details in our Github repository.
Below is an overview of our latest security advisories:
-
WordPress Plugin – EU Cookie Law (GDPR) – Stored XSS (CVE-2019-16522)
October 23, 2019 -
WordPress Plugin – Events Manager – Stored XSS (CVE-2019-16523)
October 23, 2019 -
Easy FancyBox WordPress Plugin – Stored Cross-site Scripting (XSS) (CVE-2019-16524)
September 25, 2019 -
Ping Identity Agentless Integration Kit – Reflected Cross-site Scripting (XSS) (CVE-2019-13564)
September 6, 2019 -
Teltonika RUT9XX – Unauthenticated OS Command Injection (CVE-2018-17533)
October 12, 2018 -
Teltonika RUT9XX – Missing Access Control to UART Root Terminal (CVE-2018-17534)
October 12, 2018 -
Teltonika RUT9XX – Reflected Cross-Site Scripting (XSS) (CVE-2018-17532)
October 12, 2018 -
Smarty – Trusted-Directory Bypass via Path Traversal (CVE-2018-13982)
September 18, 2018