CVE-2021-22276

In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.

This advisory contains mitigations for mproper Access Control, Unrestricted Upload of File with Dangerous Type, Open Redirect, Cross-site Scripting, and Cross-site Request Forgery vulnerabilities in Uffizio GPS Tracker software.

Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).

WordPress BulletProof Security plugin version 5.1 suffers from an information disclosure vulnerability.

A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup.

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.