49 matches found
EUVD-2025-24833
Malicious code in bioql PyPI...
EUVD-2025-24832
Malicious code in bioql PyPI...
EUVD-2025-24834
Malicious code in bioql PyPI...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...
CVE-2025-27846
In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
CVE-2025-27846
In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected...
PT-2025-33295 · Espec North America · Espec North America Web Controller 3
Name of the Vulnerable Software and Affected Versions: ESPEC North America Web Controller 3 versions prior to 3.3.8 Description: An attacker with physical access can gain elevated privileges due to the lack of protection for GRUB and the BIOS. Recommendations: Update ESPEC North America Web...
ESPEC North America Web Controller 3 安全漏洞
ESPEC North America Web Controller 3 is a laboratory equipment monitoring software from ESPEC North America. A security vulnerability exists in ESPEC North America Web Controller versions prior to 3 3.3.4, which stems from an invalid authentication request resulting in a JWT key disclosure that...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...
PT-2025-33296 · Espec North America · Espec North America Web Controller
Name of the Vulnerable Software and Affected Versions: ESPEC North America Web Controller versions prior to 3.3.8 Description: The web controller does not revoke user session privileges upon logout via the /api/v4/auth/ endpoint, potentially allowing continued access. Recommendations: Update to...
ESPEC North America Web Controller 3 安全漏洞
ESPEC North America Web Controller 3 is a laboratory equipment monitoring software from ESPEC North America, Inc. A security vulnerability exists in ESPEC North America Web Controller versions prior to 3 3.3.8 that originates from user session privileges not being revoked upon logout...
PT-2025-33287 · Espec North America · Espec North America Web Controller
Name of the Vulnerable Software and Affected Versions: ESPEC North America Web Controller versions prior to 3.3.4 Description: An invalid authentication request to /api/v4/auth/ exposes a JWT secret, potentially allowing for elevated permissions to the user interface. Recommendations: Update ESPE...
CVE-2025-27845
CVE-2025-27845 affects ESPEC North America Web Controller, versions prior to 3.3.4. An invalid authentication request to /api/v4/auth/ exposes the JWT secret, permitting elevated permissions to the UI. The CVSSv3.1 base score is 9.8 (CRITICAL). Remediation: upgrade to 3.3.4 or later (per PT-2025-...
ESPEC North America Web Controller 3 安全漏洞
ESPEC North America Web Controller 3 is a laboratory equipment monitoring software from ESPEC North America. A security vulnerability exists in ESPEC North America Web Controller versions prior to 3 3.3.8 that stems from an unprotected GRUB and BIOS, where physical access could result in elevated...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
CVE-2025-27846
In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...