34 matches found
EUVD-2025-27847
Malicious code in bioql PyPI...
EUVD-2025-27848
Malicious code in bioql PyPI...
EUVD-2025-27850
Malicious code in bioql PyPI...
EUVD-2025-27849
Malicious code in bioql PyPI...
CVE-2025-35113
Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31...
CVE-2025-35115
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...
CVE-2025-35114
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30...
CVE-2025-35114
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30...
CVE-2025-35113
Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31...
CVE-2025-35114
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30...
CVE-2025-35113
Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31...
CVE-2025-35115
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...
CVE-2025-35112
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...
CVE-2025-35112
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...
CVE-2025-35115
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...
CVE-2025-35112 Agiloft XML external entity local path traversal
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...
CVE-2025-35112 Agiloft XML external entity local path traversal
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...
CVE-2025-35112
CVE-2025-35112 describes an XML External Entities path-traversal vulnerability in Agiloft Release 28, exploitable via any table that allows import/export. An authenticated attacker can import a template file and traverse local system files. The issue is caused by improper handling of XML entities...
CVE-2025-35115 Agiloft insecure download of system packages
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...
CVE-2025-35115
CVE-2025-35115 affects Agiloft Release 28, where critical system package downloads occur over insecure HTTP, enabling a MITM attacker to replace or modify the download URL contents. Root cause: lack of secure transport during package retrieval. Impact per sources: potential integrity and confiden...