13 matches found
EUVD-2023-57852
Malicious code in bioql PyPI...
EUVD-2025-22086
Malicious code in bioql PyPI...
CVE-2025-6704
CVE-2025-6704 is an arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall . The pre-auth remote code execution condition requires a specific SPX configuration enabled in combination with the firewall running in High Availability (HA) mode. Multiple sourc...
CVE-2025-6704
An arbitrary file writing vulnerability in the Secure PDF eXchange SPX feature of Sophos Firewall versions older than 21.0 MR2 21.0.2 can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability HA mode...
The vulnerability of the email protection function of Sophos Firewall (formerly known as Sophos XG Firewall) allows a hacker to execute arbitrary code.
The vulnerability of the email protection function of Sophos Firewall formerly Sophos XG Firewall relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using the Secure PDF eXchange SPX...
CVE-2024-12727
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 21.0.1 allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange SPX is enabled in combination with the...
CVE-2024-12727
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 21.0.1 allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange SPX is enabled in combination with the...
CVE-2024-12727
CVE-2024-12727 is a pre-auth SQL injection affecting Sophos Firewallโs email protection feature on versions older than 21.0 MR1 (21.0.1). The underlying issue can allow access to the reporting database and, in combination with a specific Secure PDF eXchange (SPX) configuration and HA mode, may le...
PT-2024-9754
Name of the Vulnerable Software and Affected Versions Sophos Firewall versions prior to 21.0 MR1 21.0.1 Description A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall allows access to the reporting database and can lead to remote code execution if a specific...
CVE-2023-5552
A password disclosure vulnerability in the Secure PDF eXchange SPX feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 19.5.3 and older, if the password type is set to โSpecified by senderโ...
Cross site scripting
A password disclosure vulnerability in the Secure PDF eXchange SPX feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 19.5.3 and older, if the password type is set to โSpecified by senderโ...
CVE-2023-5552
A password disclosure vulnerability in the Secure PDF eXchange SPX feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 19.5.3 and older, if the password type is set to โSpecified by senderโ...
CVE-2023-5552
A password disclosure vulnerability in the Secure PDF eXchange SPX feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 19.5.3 and older, if the password type is set to โSpecified by senderโ...