As part of our ongoing research and consulting efforts, we frequently discover vulnerabilities in third-party products. Committed to enhancing the security of the digital ecosystem, we publish detailed security advisories according to our vulnerability disclosure policy. You can find the full security advisories with complete details in our GitHub repository.
Below is an overview of our latest security advisories:
- Easy FancyBox WordPress Plugin – Stored Cross-site Scripting (XSS) (CVE-2019-16524)
- Ping Identity Agentless Integration Kit – Reflected Cross-site Scripting (XSS) (CVE-2019-13564)
- Teltonika RUT9XX – Unauthenticated OS Command Injection (CVE-2018-17533)
- Teltonika RUT9XX – Missing Access Control to UART Root Terminal (CVE-2018-17534)
- Teltonika RUT9XX – Reflected Cross-Site Scripting (XSS) (CVE-2018-17532)
- Smarty – Trusted-Directory Bypass via Path Traversal (CVE-2018-13982)
- phpWhois – PHP Code Injection (CVE-2015-5243)
- RXTEC RXAdmin – SQL Injection Vulnerability (CVE-2015-8298)