CVE-2021-33031

In LabCup before v2next18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email...

CVE-2020-24668

Trace Financial Crest Bridge 6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03...