20 matches found
EUVD-2025-14245
Malicious code in bioql PyPI...
EUVD-2025-13347
Malicious code in bioql PyPI...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
CVE-2025-48024
CVE-2025-48024 affects BlueWave Checkmate before 2.1. An authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint, leading to secret disclosure. The advisories consistently describe the issue and recommend upgrading to version 2.1 or later; as a tempor...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
PT-2025-21262 · Unknown · Bluewave Checkmate
Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions prior to 2.1 Description: The issue allows an authenticated regular user to access sensitive application secrets. This is achieved via the "/api/v1/settings" endpoint. Recommendations: For versions prior to 2.1,...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
CVE-2025-47817 affects BlueWave Checkmate 2.0.2 and earlier (pre-b387eba). The issue arises from a profile edit request permitting a role parameter, enabling unvalidated external control of web parameters. CVSS v3.1: Network attack, low privileges, no user interaction, with high impacts to confid...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
PT-2025-20645 · Bluewave · Bluewave Checkmate
Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions 2.0.2 and earlier, before b387eba Description: The issue allows a profile edit request to include a role parameter. This is related to the external control of assumed-immutable web parameters. Recommendations: For...
CVE-2025-47245
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...
CVE-2025-47245
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...
CVE-2025-47245
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...
CVE-2025-47245
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...
PT-2025-18959 · Unknown · Bluewave Checkmate
Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions through 2.0.2 before d4a6072 Description: The issue allows an invite request to be modified to specify a privileged role. Recommendations: For BlueWave Checkmate versions through 2.0.2 before d4a6072, consider...