53 matches found
EUVD-2025-27538
Malicious code in bioql PyPI...
EUVD-2025-27540
Malicious code in bioql PyPI...
EUVD-2025-27539
Malicious code in bioql PyPI...
EUVD-2025-27537
Malicious code in bioql PyPI...
EUVD-2025-27546
Malicious code in bioql PyPI...
EUVD-2025-27541
Malicious code in bioql PyPI...
EUVD-2025-27542
Malicious code in bioql PyPI...
CVE-2025-10224
Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...
CVE-2025-10220
Use of Unmaintained Third Party Components CWE-1104 in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as...
CVE-2025-10221
Insertion of Sensitive Information into Log File CWE-532 in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords...
CVE-2025-10223
Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...
CVE-2025-10227
Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...
CVE-2025-10222
Exposure of Sensitive Information to an Unauthorized Actor CWE-200 in the diagnostic dump component in AxxonSoft Axxon One VMS C-Werk 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading...
CVE-2025-10225
Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...
CVE-2025-10226
Dependency on Vulnerable Third-Party Component CWE-1395 in the PostgreSQL backend in AxxonSoft Axxon One C-Werk 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...
CVE-2025-10225
Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...
CVE-2025-10227
Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...
CVE-2025-10223
Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...
CVE-2025-10226
Dependency on Vulnerable Third-Party Component CWE-1395 in the PostgreSQL backend in AxxonSoft Axxon One C-Werk 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...
CVE-2025-10226
Dependency on Vulnerable Third-Party Component CWE-1395 in the PostgreSQL backend in AxxonSoft Axxon One C-Werk 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...