Wojciech Giełda

#8183of 53,633
33.6Total CVSS
Vulnerabilities · 4
High
4
PT-2026-45432
8.7
2026-06-01
Ks-Somed · Ks-Somed · CVE-2026-42251
**Name of the Vulnerable Software and Affected Versions** KS-SOMED module KSPLUPDFTP.exe versions prior to 30.00.00.056 KS-SOMED module ANEKSKLIENT.EXE versions prior to 29.00.02.026 **Description** The use of hard-coded credentials allows an unauthorized attacker to gain access to the FTP server hosting the application's update packages. An attacker utilizing these credentials could upload a malicious update file, which may then be distributed and installed on client machines as a legitimate update. **Recommendations** Update KSPLUPDFTP.exe to version 30.00.00.056 or later. Update ANEKSKLIENT.EXE to version 29.00.02.026 or later. Remove hard-coded credentials from the code and modify the update process.
PT-2026-40902
7.5
2026-05-14
Comarch · Erp Optima · CVE-2025-68420
**Name of the Vulnerable Software and Affected Versions** Comarch ERP Optima versions prior to 2026.4 **Description** The client connects to a database using a high privileged account regardless of the application account used for login. A local attacker controlling the client process can dump its memory to extract credentials, enabling privileged access to the database. This requires the client application to be previously configured, although a user does not need to be logged in. **Recommendations** Update to version 2026.4.
PT-2026-40903
8.7
2026-05-14
Comarch · Erp Optima · CVE-2025-68421
**Name of the Vulnerable Software and Affected Versions** Comarch ERP Optima versions prior to 2026.4 **Description** The client uses a hard-coded password for a database user that cannot be changed. This allows a remote attacker to gain access to the database with elevated privileges, which may include the ability to execute system commands on the server. **Recommendations** Update to version 2026.4.
PT-2026-27121
8.7
2026-03-23
Unknown · Klinikaxp Insertino · CVE-2026-1958
**Name of the Vulnerable Software and Affected Versions** KlinikaXP versions prior to 5.39.01.01 KlinikaXP Insertino versions prior to 3.1.0.1 **Description** The use of hard-coded credentials in KlinikaXP and KlinikaXP Insertino allowed an unauthorized attacker access to internal services, including the FTP server hosting application updates. An attacker could upload a malicious update file, potentially distributing and installing it on client machines as a legitimate update. **Recommendations** Update KlinikaXP to version 5.39.01.01 or later. Update KlinikaXP Insertino to version 3.1.0.1 or later. Rotate previously exposed credentials.