168 matches found
EUVD-2025-5964
Malicious code in bioql PyPI...
EUVD-2025-5959
Malicious code in bioql PyPI...
EUVD-2025-5961
Malicious code in bioql PyPI...
EUVD-2025-5958
Malicious code in bioql PyPI...
CVE-2024-52926
Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent...
CVE-2020-25738
CyberArk Endpoint Privilege Manager EPM 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database...
CVE-2025-22271
The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...
CVE-2025-22270
An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the...
CVE-2025-22274
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...
CVE-2025-22272
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...
CVE-2025-22274
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...
CVE-2025-22272
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...
CVE-2025-22271
The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...
CVE-2025-22270
An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the...
CVE-2025-22273
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...
CVE-2025-22274 HTML injection in CyberArk Endpoint Privilege Manager
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...
CVE-2025-22274 HTML injection in CyberArk Endpoint Privilege Manager
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...
CVE-2025-22274
CVE-2025-22274 affects CyberArk Endpoint Privilege Manager (SaaS) 24.7.1. Affected component: the HTML content entered in the Application definition page can lead to HTML injection in the page output. Root cause described in sources as an HTML injection via the content field; other versions are u...
CVE-2025-22273 Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...
CVE-2025-22273 Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...