Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Stored XSS.This issue affects Real Testimonials: from n/a through <= 3.1.6.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through <= 3.7.0.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0.

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off).

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal.

An attacker can upload an arbitrary file instead of a plant image.