Szolgáltatóknak

Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor allows PHP Local File...

A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file...

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote...

authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This...

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox...

On open-vsx.org https://open-vsx.org/ it was possible to run an arbitrary build scripts for auto-published extensions because of missing sandboxing of CI job runs. An attacker who had access to...

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection.This issue affects Case ERP: before...

A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an...

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint...