From DHS/US-CERT’s National Vulnerability Database
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so itâ€™s l…
Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation proces…
In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.
An exploitable SQL injection vulnerability exists in â€˜quickFile.jspâ€™ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
A number of exploitable SQL injection vulnerabilities exists in â€˜patientslist.doâ€™ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in â€˜â€˜patientslist.doâ€™ page is vulnerable to authentic…