CVE-2025-70420

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements...

EUVD-2025-209547

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements...

CVE-2025-70420

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Genesys Latitude 安全漏洞

Genesys Latitude is a debt collection and account management platform developed by Genesys Corporation. Version 25.1.0.420 of Genesys Latitude contains a security vulnerability. This vulnerability arises from the direct concatenation of user input into SQL statements without proper cleaning, whic...

CVE-2025-70420

Based on connected sources, CVE-2025-70420 concerns Genesys Latitude v25.1.0.420 where an authenticated attacker can execute arbitrary SQL queries due to unsanitized user input concatenated into SQL statements. The affected component is Genesys Latitude, version 25.1.0.420; root cause is input un...

CVE-2025-70420

...

CVE-2025-70420

...

PT-2026-34066

Name of the Vulnerable Software and Affected Versions Genesys Latitude version 25.1.0.420 Description An issue exists where unsanitized user-supplied input is concatenated directly into SQL statements. This allows an authenticated attacker to execute arbitrary SQL queries against the backend...

CVE-2025-70420

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements...

CVE-2023-29930

An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page...

CVE-2022-37775

Genesys PureConnect Interaction Web Tools Chat Service up to at least 26- September- 2019 allows XSS within the Printable Chat History via the participant - name JSON POST parameter...

EUVD-2021-13574

Malware in sbrugna...

EUVD-2019-7610

Malware in sbrugna...

EUVD-2023-27308

Malicious code in bioql PyPI...

EUVD-2021-28016

Malicious code in bioql PyPI...

EUVD-2021-28017

Malicious code in bioql PyPI...

EUVD-2022-40385

Malicious code in bioql PyPI...

MAL-2025-41843 Malicious code in @espace-client-axafr/chat-genesys-auth (npm)

The package communicates with a domain associated with malicious activity...

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +557 more potentially affected by CVE-2025-5878 via org.owasp.esapi:esapi (>=2.0GA <=2.6.2.0)

org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...

CVE-2023-23208

Genesys Administrator Extension GAX before 9.0.105.15 is vulnerable to Cross Site Scripting XSS via the Business Structure page of the iWD plugin, aka GAX-11261...