9.3
CVE-2025-3096 - Clinics Patient Management System SQL Injection
Clinic's Patient Management System version 2.0 suffers from a SQL injection vulnerability in the login page.
7.5
CVE-2025-31137 - Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incom…
0.0
CVE-2023-6800 - keycloak-core: Session Fixation
No description is available for this CVE.
5.5
CVE-2025-25041 - Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Cl…
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft Windows Operating Sys…
8.1
CVE-2025-31132 - Raven allows Remote Code Execution due to improper validation
Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10.
8.6
CVE-2025-31131 - Path Traversal allowing arbitrary read of files in Yeswiki
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
7
CVE-2025-31121 - OpenEMR allows XSS in Patient Image feature
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1.
7.6
CVE-2025-31910 - WordPress BookingPress Plugin <= 1.1.28 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28.
7.1
CVE-2025-31908 - WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1.
7.1
CVE-2025-31906 - WordPress WP Profitshare Plugin <= 1.4.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare allows Stored XSS. This issue affects WP Profitshare: from n/a through 1.4.9.