7 matches found
EUVD-2025-27848
Malicious code in bioql PyPI...
CVE-2025-35113
Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31...
CVE-2025-35112
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...
CVE-2025-35113
Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31...
CVE-2025-35112
CVE-2025-35112 describes an XML External Entities path-traversal vulnerability in Agiloft Release 28, exploitable via any table that allows import/export. An authenticated attacker can import a template file and traverse local system files. The issue is caused by improper handling of XML entities...
CVE-2025-35112 Agiloft XML external entity local path traversal
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...
PT-2025-34818 · Agiloft · Agiloft
Name of the Vulnerable Software and Affected Versions: Agiloft versions prior to 31 Description: Agiloft Release 28 contains an XML External Entities issue in any table that allows 'import/export'. An authenticated attacker can import a template file and perform path traversal on local system...