EUVD-2025-21899
Malicious code in bioql PyPI...
EUVD-2025-21898
Malicious code in bioql PyPI...
EUVD-2025-21925
Malicious code in bioql PyPI...
EUVD-2025-21924
Malicious code in bioql PyPI...
CVE-2025-52162
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input...
CVE-2025-52168
Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system...
CVE-2025-52163
A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure...
CVE-2025-52169
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability...
CVE-2025-52168
The CVE-2025-52168 entry affects Agorum core open, specifically the dynawebservice component in versions 11.9.2 and 11.10.1. The root cause is incorrect access control, enabling unauthenticated attackers to access arbitrary files on the system. Affected product identifiers are Agorum core open (A...
CVE-2025-52163
CVE-2025-52163 affects agorum Software GmbH Agorum core open versions 11.9.2 and 11.10.1, in the TunnelServlet component. A Server-Side Request Forgery (SSRF) allows an attacker to force connections to arbitrary internal and external resources via a crafted request, potentially exposing sensitive...
PT-2025-30085 · Agorum Software Gmbh · Agorum Core
Name of the Vulnerable Software and Affected Versions: agorum Software GmbH Agorum core open versions 11.9.2 and 11.10.1. Description: The software contains a reflected cross-site scripting (XSS) issue. Recommendations: Update to a newer version that addresses this issue...
CVE-2025-52169
CVE-2025-52169 affects agorum core open versions 11.9.2 and 11.10.1 and is a reflected cross-site scripting (XSS) vulnerability. The issue arises in the web-facing component where user input is reflected in responses, enabling script execution in a victim’s browser. Remediation per available conn...