19 matches found
EUVD-2024-43255
Malicious code in bioql PyPI...
EUVD-2025-6279
Malicious code in bioql PyPI...
CVE-2024-51182
HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...
CVE-2024-48761
Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter...
CVE-2024-55198
User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses...
CVE-2024-55199
A Stored Cross Site Scripting XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser...
CVE-2024-55198
User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses...
CVE-2024-55198
User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses...
PT-2025-11185 · Celk Sistemas · Celk Saude
Name of the Vulnerable Software and Affected Versions: Celk Sistemas Celk Saude version 3.1.252.1 Description: The issue concerns user enumeration via discrepancies in error messages in the password recovery functionality, allowing a remote attacker to enumerate users through different responses...
CVE-2024-55198
User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses...
CVE-2024-55199
A Stored Cross Site Scripting XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser...
CVE-2024-55199
A Stored Cross Site Scripting XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser...
CVE-2024-55199
CVE-2024-55199 describes a Stored XSS in Celk Sistemas Celk Saude v3.1.252.1. The vulnerability allows an attacker to embed JavaScript inside a PDF uploaded via the file-upload feature; when the PDF is rendered, the script executes in the user’s browser. Affected product/version: Celk Saude v3.1....
CVE-2024-55199
A Stored Cross Site Scripting XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser...
CVE-2024-51182
HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...
CVE-2024-51182
HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...
Celk Sistemas Celk Saude 安全漏洞
Celk Sistemas Celk Saude is a health sector management software from Celk Sistemas, Brazil. A security vulnerability exists in Celk Sistemas Celk Saude version 3.1.252.1, which stems from improper validation or cleanup of erro parameters, resulting in vulnerability to injection attacks...
CVE-2024-51182
HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...
CVE-2024-51182
HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter...