50 matches found
EUVD-2026-33282
Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...
CVE-2025-41257
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise...
EUVD-2023-37526
Malicious code in bioql PyPI...
EUVD-2023-37527
Malicious code in bioql PyPI...
EUVD-2023-36212
Malicious code in bioql PyPI...
EUVD-2023-37529
Malicious code in bioql PyPI...
EUVD-2023-37528
Malicious code in bioql PyPI...
CVE-2023-33365
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server...
CVE-2023-33364
An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server...
CVE-2023-33365
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server...
CVE-2023-33363
An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...
CVE-2023-33366
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands...
Command injection
An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server...
Path traversal
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server...
Sql injection
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands...
Authentication flaw
An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...
CVE-2023-33365
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server...
CVE-2023-33366
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands...
CVE-2023-33366
Summary: CVE-2023-33366 is a SQL injection vulnerability in Suprema BioStar 2 prior to 2.9.1. Authenticated users can inject arbitrary SQL into statements and execute commands. The issue has a high impact (CVSS 3.1 base score 8.8) affecting the BioStar 2 web/DB interaction. Affected version(s) : ...
CVE-2023-33363
Suprema BioStar 2 contains an authentication bypass vulnerability in versions before 2.9.1, allowing unauthenticated users to access certain functionality on BioStar 2 servers. The issue is documented across multiple feeds (NVD, Red Hat, PRION, CNNVD, etc.) with the vulnerability identified as CV...