Nscan9

**Name of the Vulnerable Software and Affected Versions** BigAnt Office Messenger version 5.6.06 **Description** The issue concerns SQL Injection via the `dev code` parameter. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For BigAnt Office Messenger version 5.6.06, as a temporary workaround, consider restricting the use of the `dev code` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Corezoid Process Engine version 6.5.0 **Description** The issue allows attackers to redirect users to arbitrary websites by appending a crafted link to the `/login/` endpoint in the login page URL. This can be exploited by adding a malicious link to the login page, potentially leading to phishing attacks or other malicious activities. **Recommendations** For Corezoid Process Engine version 6.5.0, consider restricting access to the `/login/` endpoint until a patch is available, or apply configuration changes to prevent redirects to external websites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.