CVE-2026-2914

CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs...

CVE-2026-2914

CVE-2026-2914 affects CyberArk Endpoint Privilege Manager Agent

CyberArk Endpoint Privilege Manager Agent 安全漏洞

CyberArk Endpoint Privilege Manager Agent is a security software for managing terminal privileges developed by the Israeli company CyberArk. Versions of CyberArk Endpoint Privilege Manager Agent prior to 25.10.0 contain security vulnerabilities. These vulnerabilities stem from defects in the...

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

EUVD-2019-18998

Malware in sbrugna...

EUVD-2018-5002

Malware in sbrugna...

EUVD-2018-4856

Malware in sbrugna...

EUVD-2020-18391

Malware in sbrugna...

EUVD-2025-5961

Malicious code in bioql PyPI...

EUVD-2025-5964

Malicious code in bioql PyPI...

EUVD-2025-5966

Malicious code in bioql PyPI...

EUVD-2021-30908

Malicious code in bioql PyPI...

CVE-2020-25738

CyberArk Endpoint Privilege Manager EPM 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database...

CVE-2025-22271

The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...

CVE-2025-22270

An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the...

CVE-2025-22274

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...

CVE-2025-22274

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...

CVE-2025-22270

An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the...

CVE-2025-22271

The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...

CVE-2025-22272

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...