
60 matches found

RedhatCVE
added 2026/04/02 5:4 a.m. | 1 view

CVE-2025-67806

The login mechanism of Sage DPW 202106004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behavior in newer versions...

5.3 CVSS | 5.8 AI score | 0.00264 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 0 views

CVE-2025-67807

The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...

4.7 CVSS | 5.8 AI score | 0.00142 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 0 views

CVE-2025-67805

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

7.5 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits: 0 | References: 1

NVD
added 2026/04/01 4:23 p.m. | 1 view

CVE-2025-67807

The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...

4.7 CVSS | 0.00142 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/01 12:0 a.m. | 2 views

CVE-2025-67807

The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...

5.8 AI score | 0.00142 EPSS
Exploits: 0 | References: 2

CVE
added 2026/04/01 12:0 a.m. | 6 views

CVE-2025-67805

Sage DPW 2025_06_004 contains a non-default configuration exposing unauthenticated access to diagnostic endpoints of the Database Monitor, allowing exposure of hashes and table names. The feature is disabled by default in all installations and never available in Sage DPW Cloud; Red Hat/NVD/ENISA/...

7.5 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/04/01 12:0 a.m. | 3 views

CVE-2025-67807

The CVE describes an authentication behavior issue in Sage DPW 2025_06_004 where login responses differ for valid vs. invalid usernames, enabling account enumeration on versions prior to 2021_06_000. Affected product: Sage DPW (on-premise deployments); root cause: discriminatory responses during ...

4.7 CVSS | 5.8 AI score | 0.00142 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/04/01 12:0 a.m. | 6 views

Sage DPW Security Vulnerability

Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202106004 contains a security vulnerability. This vulnerability stems from the login mechanism, which responds differently to valid and invalid usernames. It may lead to the enumeration of existing accoun...

5.3 CVSS | 5.8 AI score | 0.00264 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29543

The login mechanism of Sage DPW 2025 06 004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021 06 000. On-premise administrators can toggle this behaviour in newer versions...

5.8 AI score | 0.00142 EPSS
Exploits: 0 | References: 3

CVE
added 2026/04/01 12:0 a.m. | 7 views

CVE-2025-67806

CVE-2025-67806 affects Sage DPW login mechanism. The Red Hat/NVD entries describe that, in versions before 2021_06_000, the system returns distinct responses for valid vs. invalid usernames, enabling account enumeration. In newer versions, on‑prem administrators can toggle this behavior. No furth...

5.3 CVSS | 5.8 AI score | 0.00264 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-19128

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00988 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-19129

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.0091 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-4687

Malicious code in bioql PyPI...

5.4 CVSS | 6.6 AI score | 0.00388 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-23938

Malicious code in bioql PyPI...

5.3 CVSS | 6.6 AI score | 0.00294 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-23861

Malicious code in bioql PyPI...

6.1 CVSS | 6.6 AI score | 0.00234 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-23862

Malicious code in bioql PyPI...

7.5 CVSS | 6.6 AI score | 0.00381 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/08/08 12:29 a.m. | 8 views

CVE-2025-51531

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 202412004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that th...

6.1 CVSS | 5.5 AI score | 0.00234 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/08/08 12:29 a.m. | 8 views

CVE-2025-51532

Incorrect access control in Sage DPW 202412004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 202506000, released in June 2025...

7.5 CVSS | 6.1 AI score | 0.00381 EPSS
Exploits: 1 | References: 1

OSV
added 2025/08/07 7:15 p.m. | 1 view

CVE-2025-51533

An Insecure Direct Object Reference (IDOR) in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 2

NVD
added 2025/08/07 7:15 p.m. | 4 views

CVE-2025-51533

An Insecure Direct Object Reference (IDOR) in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...

5.3 CVSS | 0.00294 EPSS
Exploits: 1 | References: 2