270 matches found
EUVD-2022-51299
Malicious code in bioql PyPI...
EUVD-2022-51300
Malicious code in bioql PyPI...
EUVD-2022-51295
Malicious code in bioql PyPI...
EUVD-2022-51296
Malicious code in bioql PyPI...
EUVD-2022-51297
Malicious code in bioql PyPI...
EUVD-2022-51292
Malicious code in bioql PyPI...
EUVD-2025-26996
Malicious code in bioql PyPI...
EUVD-2022-51283
Malicious code in bioql PyPI...
CVE-2025-58780
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."...
ScienceLogic SL1 SQL Injection Vulnerability
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. An SQL injection vulnerability exists in ScienceLogic SL1 versions prior to 12.1.1, which stems from parameter manipulation leading to SQL injection...
CVE-2025-58780
ScienceLogic SL1 before version 12.1.1 has a SQL injection vulnerability in index.em7 triggered by a parameter in a request. Affected software: ScienceLogic SL1 (before 12.1.1). Root cause described in sources: parameter manipulation in index.em7 leading to SQL injection. Reported impact: potenti...
PT-2025-36227
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 versions prior to 12.1.1 Description: ScienceLogic SL1 before version 12.1.1 contains a SQL injection flaw. The flaw is located in index.em7 and occurs through a parameter within a request. Recommendations: Upgrade to...
CVE-2025-58780
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."...
Malicious code in generator-sciencelogic (npm)
The package generator-sciencelogic was found to contain malicious code...
MAL-2025-21302 Malicious code in generator-sciencelogic (npm)
The package generator-sciencelogic was found to contain malicious code...
CVE-2022-48580
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
CVE-2022-48597
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48588
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48603
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48584
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...