As part of our ongoing research and consulting efforts, we frequently discover vulnerabilities in third-party products. Committed to enhancing the security of the digital ecosystem, we publish detailed security advisories according our vulnerability disclosure policy. You can find the full security advisories with complete details in our Github repository.
Below is an overview of our latest security advisories:
-
Ping Identity Agentless Integration Kit – Reflected Cross-site Scripting (XSS) (CVE-2019-13564)
September 6, 2019 -
Teltonika RUT9XX – Unauthenticated OS Command Injection (CVE-2018-17533)
October 12, 2018 -
Teltonika RUT9XX – Missing Access Control to UART Root Terminal (CVE-2018-17534)
October 12, 2018 -
Teltonika RUT9XX – Reflected Cross-Site Scripting (XSS) (CVE-2018-17532)
October 12, 2018 -
Smarty – Trusted-Directory Bypass via Path Traversal (CVE-2018-13982)
September 18, 2018 -
phpWhois – PHP Code Injection (CVE-2015-5243)
August 2, 2018 -
RXTEC RXAdmin – SQL Injection Vulnerability (CVE-2015-8298)
May 13, 2015 -
Polycom BToE Connector – Privilege Escalation Vulnerability (CVE-2015-8300)
May 13, 2015