-
Trovebox - Authentication Bypass, SQLi, SSRF
Trovebox, a photo sharing and management application, is prone to several critical vulnerabilities. Exploitation is trivial, and it is recommended to update to the fixed version from GitHub.
-
Kaltura Video Platform - Pre-Auth Remote Code Execution (and XSS)
During an internal pentest, several critical vulnerabilities were identified in the latest version of Kaltura Community and Enterprise. The vulnerabilities were fixed in the latest release 13.2.0.
Update: A proof of concept exploit can be found here.