CVE-2025-34412

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

CVE-2025-34411

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...

CVE-2025-34412

...

EUVD-2025-203380

The Convercent Whistleblowing Platform operated by EQS Group exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. A remote unauthenticated attacker can query the endpoint using common legal-suffix ter...

CVE-2025-34411

The Convercent Whistleblowing Platform exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. An unauthenticated attacker can query the endpoint with common legal-suffix terms to enumerate Convercent te...