44 matches found
EUVD-2025-28245
Malicious code in bioql PyPI...
EUVD-2025-28246
Malicious code in bioql PyPI...
EUVD-2025-28247
Malicious code in bioql PyPI...
EUVD-2023-42816
Malicious code in bioql PyPI...
EUVD-2025-28248
Malicious code in bioql PyPI...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
CVE-2025-48741
A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
CVE-2025-48741
A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
CVE-2025-48739
A Server-Side Request Forgery SSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions allowing them to access specific API endpoints to manipulate URLs to direct...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
CVE-2025-48741
A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...
StrangeBee TheHive 代码问题漏洞
StrangeBee TheHive is an application from StrangeBee, Inc. A code issue vulnerability exists in StrangeBee TheHive versions prior to 5.5.1 that stems from server-side request forgery and could lead to access to internal resources...
CVE-2025-48738
The CVE-2025-48738 entry concerns StrangeBee TheHive and is supported by multiple sources in Connected documents. Affected: TheHive versions 5.2.0–5.2.15, 5.3.0–5.3.10, 5.4.0–5.4.9, and 5.5.0. Root cause: an unrestricted password-reset feature allows unauthenticated remote attackers to trigger re...
StrangeBee TheHive 安全漏洞
StrangeBee TheHive is an application from StrangeBee, Inc. A security vulnerability exists in StrangeBee TheHive versions prior to 5.4.10, which stems from improper access control and could lead to unauthorized users retrieving data...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
PT-2025-22824 · Strangebee · Thehive
Name of the Vulnerable Software and Affected Versions: StrangeBee TheHive versions 5.2.0 through 5.2.15 StrangeBee TheHive versions 5.3.0 through 5.3.10 StrangeBee TheHive versions 5.4.0 through 5.4.9 Description: A Broken Access Control issue allows remote, authenticated, and unprivileged users ...