Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6…

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions. Zafiyet…

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions. Zafiyet…

Due to insufficient encoding of user input, SAP NetWeaver – versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that…

The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user. This password cannot be changed by…

Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC…

The Akuvox E11 Media Access Control (MAC) address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the…

Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within…

The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image and video. This could allow an attacker to view and record…

Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to…