14 matches found
CVE-2025-15622
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secret. Desktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...
EUVD-2025-14085
Malicious code in bioql PyPI...
EUVD-2025-14086
Malicious code in bioql PyPI...
EUVD-2025-14084
Malicious code in bioql PyPI...
CVE-2025-4377
Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pr...
CVE-2025-4376
Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165...
CVE-2025-4375
Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password. This issue affec...
CVE-2025-4377
Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pr...
CVE-2025-4376
Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165...
PT-2025-20475 · Sparx Systems · Sparx Systems Pro Cloud Server
Name of the Vulnerable Software and Affected Versions: Sparx Systems Pro Cloud Server versions earlier than 6.0.165. Description: The issue is caused by an Improper Limitation of a Pathname, leading to a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present ...
PT-2025-20473 · Sparx Systems · Sparx Systems Pro Cloud Server
Name of the Vulnerable Software and Affected Versions: Sparx Systems Pro Cloud Server versions earlier than 6.0.165. Description: A Cross-Site Request Forgery (CSRF) issue is present in the whole application, allowing for Session Hijacking. This issue can be used to change the Pro Cloud Server...
PT-2025-20474 · Sparx Systems · Sparx Systems Pro Cloud Server
Name of the Vulnerable Software and Affected Versions: Sparx Systems Pro Cloud Server versions earlier than 6.0.165. Description: The issue is related to an Improper Input Validation vulnerability in the WebEA model search field of Sparx Systems Pro Cloud Server, which allows Cross-Site Scripting...
Sparx Systems Enterprise Architect Security Vulnerability
Sparx Systems Enterprise Architect is an OMG UML-based visual modeling and design tool from Sparx Systems, Australia. A security vulnerability exists in Sparx Systems Enterprise Architect version 16.0.1605, which stems from the Find parameter of the Select Classifier dialog box that allows SQL...
Sparx Systems Enterprise Architect 9.3.931 Corporate Password Disclosure
Subject: Simple password obfuscation in Sparx Systems "Enterprise Architect" when using server based repositories. Affected product: Product: Enterprise Architect; Vendor: Sparx Systems. Affected versions: Tested with 9.3.931 Corporate, other versions likely t...