CVE-2026-33918 OpenEMR Missing Authorization on Claim File Download Endpoint

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint interface/billing/getclaimfile.php only verifies that the caller has a valid session and CSRF token, but does not check any ACL...

Zulip 安全漏洞

Zulip is a powerful open-source chat application developed by the US company Zulip Corporation. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Zulip has a security vulnerability, which stems from the lack of specific authorization checks...

PT-2023-11795 · Thinkific · Thinkific Online Course Creation Platform

Name of the Vulnerable Software and Affected Versions: Thinkific Thinkific Online Course Creation Platform version 1.0 Description: The issue is related to a Cross Site Scripting XSS vulnerability, allowing an attacker to execute arbitrary code remotely. The vulnerable component is the source cod...

PT-2023-16632 · Sourcecodester · Sourcecodester Best Pos Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best POS Management System version 1.0 Description: A critical issue has been found in the software, affecting an unknown functionality of the file billing/index.php?id=9. The manipulation of the id argument leads to sql...