52 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-49613

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.6 | EPSS 0.00423
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-37401

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00482
Exploits: 0 | References: 2
RedhatCVE
added 2025/09/10 10:29 a.m. | 2 views

CVE-2025-5993

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the web server process...

CVSS 9.2 | AI score 6.9 | EPSS 0.00589
Exploits: 0 | References: 1
NVD
added 2025/09/08 11:15 a.m. | 3 views

CVE-2025-5993

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the web server process...

CVSS 9.2 | EPSS 0.00589
Exploits: 0 | References: 2
CVE
added 2025/09/08 10:18 a.m. | 8 views

CVE-2025-5993

CVE-2025-5993 — ITCube CRM path traversal affects ITCube CRM versions 2023.2–2025.2. The vulnerability arises from an insecure fileName parameter, enabling an unauthenticated attacker to craft payloads that download arbitrary files accessible to the web server process. Impact is primarily confide...

CVSS 9.2 | AI score 6.5 | EPSS 0.00589
Exploits: 0 | References: 2
Cvelist
added 2025/09/08 10:18 a.m. | 4 views

CVE-2025-5993 Path Traversal in ITCube CRM

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the web server process...

CVSS 9.2 | EPSS 0.00589
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/08 10:18 a.m. | 1 view

CVE-2025-5993 Path Traversal in ITCube CRM

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the web server process...

CVSS 9.2 | AI score 6.5 | EPSS 0.00589
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 10:5 a.m. | 4 views

CVE-2024-27609

Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel...

CVSS 6.5 | AI score 5.5 | EPSS 0.00064
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:51 a.m. | 6 views

CVE-2023-33231

XSS attack was possible in DPA 2023.2 due to insufficient input validation...

CVSS 6.1 | AI score 6 | EPSS 0.00482
Exploits: 0 | References: 1
NVD
added 2024/04/01 12:15 a.m. | 7 views

CVE-2024-27609

Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel...

CVSS 6.5 | AI score 5.4 | EPSS 0.00064
Exploits: 0 | References: 1
Positive Technologies
added 2024/03/31 12:0 a.m. | 3 views

PT-2024-21965 · Bonitasoft · Bonita

Name of the Vulnerable Software and Affected Versions: Bonita versions prior to 2023.2-u2; Bonita versions prior to 10.1.0.W11. Description: The issue allows stored XSS via a UI screen in the administration panel. There is no information provided about the estimated number of potentially affected...

CVSS 6.5 | AI score 5.7 | EPSS 0.00064
Exploits: 0 | References: 10
CNNVD
added 2024/03/31 12:0 a.m. | 4 views

Bonitasoft Bonita Web Security Vulnerability

Bonitasoft Bonita Web is an open source business process management and low-code development platform for the Bonitasoft community. A security vulnerability exists in Bonitasoft Bonita Web versions prior to 2023.2-u2, which stems from a stored cross-site scripting attack that is allowed via a UI...

CVSS 6.5 | AI score 6.1 | EPSS 0.00064
Exploits: 0 | References: 2
NVD
added 2024/02/15 9:15 a.m. | 11 views

CVE-2023-4539

Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023....

CVSS 7.5 | AI score 7.6 | EPSS 0.00082
Exploits: 0 | References: 2
OSV
added 2024/02/15 9:15 a.m. | 3 views

CVE-2023-4538

The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL...

CVSS 6.5 | AI score 5.8 | EPSS 0.00113
Exploits: 0 | References: 2
Prion
added 2024/02/15 9:15 a.m. | 17 views

Code injection

The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL...

CVSS 2.1 | AI score 6.9 | EPSS 0.00113
Exploits: 0 | References: 2
Vulnrichment
added 2024/02/15 8:32 a.m. | 17 views

CVE-2023-4538 Shared Key in Comarch ERP XL

The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL...

CVSS 6.2 | AI score 6.6 | EPSS 0.00048
Exploits: 0 | References: 2
Cvelist
added 2024/02/15 8:32 a.m. | 11 views

CVE-2023-4538 Shared Key in Comarch ERP XL

The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL...

CVSS 6.2 | AI score 6.4 | EPSS 0.00048
Exploits: 0 | References: 2
CNNVD
added 2024/02/15 12:0 a.m. | 2 views

Comarch ERP XL Security Vulnerability

Comarch ERP XL is enterprise resource planning (ERP) software from Comarch Poland. A security vulnerability exists in Comarch ERP XL versions 2020.2.2 through 2023.2, which stems from a vulnerability that allows an attacker to retrieve plain text passwords...

CVSS 7.4 | AI score 6.8 | EPSS 0.00113
Exploits: 0 | References: 3
Positive Technologies
added 2024/02/15 12:0 a.m. | 6 views

PT-2024-13241

Name of the Vulnerable Software and Affected Versions: Comarch ERP XL versions 2020.2.2 through 2023.2. Description: The Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication. This makes the communication...

CVSS 7.4 | AI score 7.1 | EPSS 0.00113
Exploits: 0 | References: 13
Positive Technologies
added 2024/02/12 12:0 a.m. | 4 views

PT-2024-14877 · WordPress · Chartjs

Name of the Vulnerable Software and Affected Versions: chartjs WordPress plugin versions through 2023.2. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

CVSS 5.4 | AI score 8.1 | EPSS 0.00143
Exploits: 2 | References: 9