23 matches found
EUVD-2025-21925
Malicious code in bioql PyPI...
EUVD-2025-21899
Malicious code in bioql PyPI...
EUVD-2025-21924
Malicious code in bioql PyPI...
EUVD-2025-21898
Malicious code in bioql PyPI...
CVE-2025-52162
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input...
CVE-2025-52168
Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system...
CVE-2025-52163
A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure...
CVE-2025-52169
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability...
CVE-2025-52168
Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system...
CVE-2025-52162
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input...
CVE-2025-52168
Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system...
CVE-2025-52163
A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure...
CVE-2025-52163
CVE-2025-52163 affects agorum Software GmbH Agorum core open versions 11.9.2 and 11.10.1, in the TunnelServlet component. A Server-Side Request Forgery (SSRF) allows an attacker to force connections to arbitrary internal and external resources via a crafted request, potentially exposing sensitive...
CVE-2025-52163
A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure...
CVE-2025-52162
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input...
CVE-2025-52169
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability...
CVE-2025-52169
CVE-2025-52169 affects agorum core open versions 11.9.2 and 11.10.1 and is a reflected cross-site scripting (XSS) vulnerability. The issue arises in the web-facing component where user input is reflected in responses, enabling script execution in a victim’s browser. Remediation per available conn...
CVE-2025-52169
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability...
CVE-2025-52168
Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system...
PT-2025-30085 · Agorum Software Gmbh · Agorum Core
Name of the Vulnerable Software and Affected Versions: agorum Software GmbH Agorum core open versions 11.9.2 and 11.10.1. Description: The software contains a reflected cross-site scripting (XSS) issue. Recommendations: Update to a newer version that addresses this issue...