136 matches found
EUVD-2014-8392
Malware in sbrugna...
EUVD-2007-2499
Malware in sbrugna...
EUVD-2024-48283
Malicious code in bioql PyPI...
EUVD-2025-26702
Malicious code in bioql PyPI...
EUVD-2023-44659
Malicious code in bioql PyPI...
EUVD-2022-34167
Malicious code in bioql PyPI...
EUVD-2023-38302
Malicious code in bioql PyPI...
EUVD-2024-48284
Malicious code in bioql PyPI...
Progress OpenEdge 12.2.x < 12.2.18 / 12.8.x < 12.8.9 RCE (000288507)
The version of Progress OpenEdge installed on the remote host is 12.2.x prior to 12.2.18, or 12.8.x prior to 12.8.9. It is, therefore, affected by a remote code execution vulnerability as referenced in the 000288507 advisory. - It was possible to perform Remote Command Execution RCE via Java RMI...
CVE-2025-7388
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
CVE-2025-7388
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
Progress Software OpenEdge 命令注入漏洞
Progress Software OpenEdge is a suite of integrated development environments IDEs from Progress Software, USA. A command injection vulnerability exists in Progress Software OpenEdge that stems from insufficient input validation of the Java RMI interface, which could lead to a remote command...
PT-2025-35938
Name of the Vulnerable Software and Affected Versions OpenEdge AdminServer affected versions not specified Description The OpenEdge AdminServer is susceptible to Remote Command Execution RCE via its Java RMI interface. Authenticated users can inject and execute OS commands under the delegated...
CVE-2023-34203
In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...
CVE-2022-29849
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system...
CVE-2024-7345
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms...
CVE-2024-7654
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other...
CVE-2024-7346
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...