EUVD-2025-16185
Malicious code in bioql PyPI...
CVE-2025-53191
CVE-2025-53191 entry is rejected/not used and does not represent an active vulnerability.
CVE-2025-53190
...
CVE-2025-53188
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
CVE-2024-13955
CVE-2024-13955 describes 2nd Order SQL injection across ABB ASPECT-Enterprise (through 3.), NEXUS Series (through 3. ), and MATRIX Series (through 3.*). Root cause involves credential disclosure enabling a second‑order SQL injection that can view, add, modify, or delete information in back‑end da...
CVE-2025-30173 Admin Authorized File Upload
File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
PT-2025-22516 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03; NEXUS Series versions through 3.08.03; MATRIX Series versions through 3.08.03. Description: SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if...
PT-2025-22519 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03; NEXUS Series versions through 3.08.03; MATRIX Series versions through 3.08.03. Description: The issue allows attackers to control TCP/IP port access if session administrator credentials become...
PT-2025-22505 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03; NEXUS Series versions through 3.08.03; MATRIX Series versions through 3.08.03. Description: An escalation of privilege issue in ASPECT could allow an attacker to gain root access to a server when logge...
ABB Cylon Aspect 3.08.02 Cookie User Password Disclosure Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from cleartext transmission and storage of sensitive information in a Cookie. This includes the globals parameter, where authdata contains base64-encoded credentials. A remote attacker can intercept the HTTP Cookie, including authentication credentials,...