MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE

Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.

Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1,/user/view_transaction. php?id=1 and /user/viewloantrans.php?id=1, id parameter) and retrieve the information stored in the database.