36 matches found
ETQ Reliance - Reflected XSS via SQLConverterServlet
A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...
ETQ Reliance - Authentication Bypass via Trailing Space
An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...
EUVD-2025-22312
Malicious code in bioql PyPI...
EUVD-2025-22321
Malicious code in bioql PyPI...
EUVD-2025-22314
Malicious code in bioql PyPI...
EUVD-2025-22313
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2025-34143
An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...
VulnCheck KEV: CVE-2025-34141
A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...
CVE-2025-34140
An authorization bypass vulnerability exists in ETQ Reliance legacy CG and NXG SaaS platforms. By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration ...
CVE-2025-34142
An XML External Entity XXE injection vulnerability exists in ETQ Reliance on the CG legacy platform within the /resources/sessions/sso endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external...
CVE-2025-34143
An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...
CVE-2025-34141
A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...
CVE-2025-34143
An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...
CVE-2025-34142
An XML External Entity XXE injection vulnerability exists in ETQ Reliance on the CG legacy platform within the /resources/sessions/sso endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external...
CVE-2025-34141
A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...
CVE-2025-34140
An authorization bypass vulnerability exists in ETQ Reliance legacy CG and NXG SaaS platforms. By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration ...
CVE-2025-34141 ETQ Reliance CG < SE.2025.1 Reflected XSS in `SQLConverterServlet`
A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...
CVE-2025-34141 ETQ Reliance CG < SE.2025.1 Reflected XSS in `SQLConverterServlet`
A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...
CVE-2025-34141
ETQ Reliance CG (legacy) is affected by a reflected XSS in the SQLConverterServlet. The vulnerability requires user interaction (e.g., clicking a crafted link) and could execute scripts in the authenticated user’s browser. The servlet was unnecessarily exposed to authenticated users and has been ...
CVE-2025-34141
A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...