44 matches found
EUVD-2025-28245
Malicious code in bioql PyPI...
EUVD-2023-42816
Malicious code in bioql PyPI...
EUVD-2025-28247
Malicious code in bioql PyPI...
EUVD-2025-28248
Malicious code in bioql PyPI...
EUVD-2025-28246
Malicious code in bioql PyPI...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
CVE-2025-48741
A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
CVE-2025-48739
A Server-Side Request Forgery SSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions allowing them to access specific API endpoints to manipulate URLs to direct...
CVE-2025-48741
A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...
CVE-2025-48738
The CVE-2025-48738 entry concerns StrangeBee TheHive and is supported by multiple sources in Connected documents. Affected: TheHive versions 5.2.0–5.2.15, 5.3.0–5.3.10, 5.4.0–5.4.9, and 5.5.0. Root cause: an unrestricted password-reset feature allows unauthenticated remote attackers to trigger re...
CVE-2025-48741
A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...
CVE-2025-48741
CVE-2025-48741 affects StrangeBee TheHive. A Broken Access Control flaw allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks via a specific API endpoint. Affected ranges and fixes: 5.2.0–5.2.15 → upgrade to 5.2.16+, 5.3.0–5.3.10 → upgrade to ...
StrangeBee TheHive 安全漏洞
StrangeBee TheHive is an application from StrangeBee, Inc. A security vulnerability exists in StrangeBee TheHive versions prior to 5.4.10, which stems from improper access control and could lead to unauthorized users retrieving data...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
StrangeBee TheHive 代码问题漏洞
StrangeBee TheHive is an application from StrangeBee, Inc. A code issue vulnerability exists in StrangeBee TheHive versions prior to 5.5.1 that stems from server-side request forgery and could lead to access to internal resources...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
StrangeBee TheHive 安全漏洞
StrangeBee TheHive is an application from StrangeBee, Inc. A security vulnerability exists in StrangeBee TheHive versions prior to 5.5.1, which stems from an unrestricted password reset feature that could lead to mailbox storage exhaustion or SMTP server overload...