EUVD-2026-24185

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...

EUVD-2021-8422

Malicious code in bioql PyPI...

MAL-2025-41491 Malicious code in @twork-data-services/customer-api-v2-customer-vip-status (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-42834

A stored cross-site scripting XSS vulnerability in the Create Customer API in Incognito Service Activation Center SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

CVE-2021-21270

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is...

CVE-2024-42834

A stored cross-site scripting XSS vulnerability in the Create Customer API in Incognito Service Activation Center SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

CVE-2024-42834

A stored cross-site scripting XSS vulnerability in the Create Customer API in Incognito Service Activation Center SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

CVE-2024-42834

A stored cross-site scripting XSS vulnerability in the Create Customer API in Incognito Service Activation Center SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

Adobe Bridge 11.x < 11.0.1 Multiple Vulnerabilities (APSB21-07)

The version of Adobe Bridge installed on the remote Windows host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-07 advisory. - Adobe Bridge version 11.0 and earlier is affected by an out-of-bounds write vulnerability when parsing TTF files...

Adobe Bridge 11.x < 11.0.1 Multiple Vulnerabilities (APSB21-07)

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-07 advisory. - Adobe Bridge version 11.0 and earlier is affected by an out-of-bounds write vulnerability when parsing T...

CVE-2021-21013

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...

CVE-2021-21013

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...

Design/Logic Flaw

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...

am.ik.github:reactive-github-client (>=0.0.1 <=0.0.4), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.2.0) +218 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (=5.0.0.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.github:reactive-github-client =0.0.1, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0,...

Information Disclosure

Merchello.Web is vulnerable to information disclosure. A remote attacker is able to obtain and enumerate all customers' address via the customer API query...