21 matches found
EUVD-2025-6265
Malicious code in bioql PyPI...
EUVD-2025-6262
Malicious code in bioql PyPI...
CVE-2025-29998
This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP...
CVE-2025-29995
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-29997
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts...
CVE-2025-29994
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to...
CVE-2025-29996
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...
CVE-2025-29997
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts...
CVE-2025-29996
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...
CVE-2025-29998
CVE-2025-29998 affects the CAP back office application. The vulnerability arises from missing rate limiting on OTP requests in a vulnerable API endpoint, allowing an authenticated remote attacker to trigger repeated OTP requests and cause OTP bombing/flooding on the targeted system. Connected sou...
CVE-2025-29997 Improper Access Control Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts...
CVE-2025-29997 Improper Access Control Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts...
CVE-2025-29996 Authentication Bypass Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...
CVE-2025-29996 Authentication Bypass Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...
CVE-2025-29995 Account Takeover Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-29995
The CVE-2025-29995 entry refers to a vulnerability in the CAP back office application caused by a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit the vulnerable API endpoint to achieve account takeover of targeted us...
CVE-2025-29995 Account Takeover Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-29994 Improper Authentication Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to...
CVE-2025-29994 Improper Authentication Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to...
CVE-2025-29994
CVE-2025-29994 affects the CAP back office application. The root cause is an improper authentication check at an API endpoint, allowing an unauthenticated remote attacker with a valid login ID to manipulate API input parameters via URL/payload and gain unauthorized access to other user accounts. ...