41 matches found
EUVD-2023-51443
Malicious code in bioql PyPI...
EUVD-2023-51442
Malicious code in bioql PyPI...
EUVD-2023-51439
Malicious code in bioql PyPI...
EUVD-2025-22124
Malicious code in bioql PyPI...
CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password required to escape out of the MDM-controlled device's profile...
CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password required to escape out of the MDM-controlled device's profile...
CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password required to escape out of the MDM-controlled device's profile...
Headwind MDM Security Vulnerability
Headwind MDM is a platform for managing Android devices in an organization. A security vulnerability exists in Headwind MDM versions prior to 5.33.1, which stems from configuration details being accessible to unauthorized users, potentially leading to password disclosure...
CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password required to escape out of the MDM-controlled device's profile...
CVE-2025-43720
CVE-2025-43720 affects Headwind MDM prior to 5.33.1. The condition allows unauthorized users (Observer role) to access the Configuration profile, revealing the password needed to escape the MDM-controlled device’s profile. Reported across multiple trusted sources; CVSS vector indicates high confi...
CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password required to escape out of the MDM-controlled device's profile...
PT-2025-27860 · H Mdm +1 · Headwind Mdm +1
Name of the Vulnerable Software and Affected Versions: Headwind MDM versions prior to 5.33.1 Description: Headwind MDM versions prior to 5.33.1 allow unauthorized access to configuration details. Specifically, the configuration profile is exposed to users with the Observer role, revealing the...
CVE-2023-47316
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls...
CVE-2023-47314
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
CVE-2023-47315
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on GitHub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...
CVE-2023-47312
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...
CVE-2023-47313
Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the...
CVE-2023-47314
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
CVE-2023-47313
Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the...
CVE-2023-47313
Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the...