Dolibarr ERP and CRM version 13.0.2 suffers from a remote code execution vulnerability.
0dd7e4e38cc6c0c22d88da8c1315ae0c0f36dd8f9385afa1c3a2edd42c937216
Dolibarr ERP and CRM version 13.0.2 suffers from a persistent cross-site scripting vulnerability.
6afececee15157d0a85c82e9913e53a3fb7f9193f24e64dca4bef906cb032beb
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When a user creates an account or changes a password, the mobile and web applications both check the password against the password policy, but the API assumes that the given password has already been checked. An attacker can therefore intercept the HTTP request and change it to a weak password.
76436b526ba9f4f32e343d01e9e2fa685e376cf002a7d94b46c1f713090fd4b3
VeryFitPro version 3.2.8 transmits sensitive information in unencrypted cleartext.
9e9f6ef8313838133d2645a4ff7f6a0403b2a9655c9a0a2e6218c1e2d72dce6d
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows account takeover, requiring only prior knowledge of the user's email address.
108eb293e5b0d2d18abfd3b3ef0cfabcfe3878c71ef3e5fb6ce42e26588c10f0
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.
42f3483603f56524c0a83a32c43ca70dcb2416daaa8123abc8aa7afb35f560fe
ERPNext versions 12.18.0 and 13.0.0 suffer from reflective and persistent cross-site scripting vulnerabilities.
699a6d07a77fc3e81b2deafe5caea2a355ca696143d694138925ef128a29180b
ERPNext versions 12.18.0 and 13.0.0 suffer from an authenticated remote SQL injection vulnerability.
523163a0deb062c88867d1adebaf1f37f29d520b23f43bd038e1cf829c50a149
Rocket.Chat versions 3.7.1 and below suffer from an email address enumeration vulnerability.
023ad89f274a1ee4b96e849967a0021876dca5479963125bc3acb45d9a8cf6fa