3635 matches found
EUVD-2025-12487
Malicious code in bioql PyPI...
EUVD-2025-12477
Malicious code in bioql PyPI...
EUVD-2025-31170
Malicious code in bioql PyPI...
EUVD-2025-28740
Malicious code in bioql PyPI...
EUVD-2023-0326
Malicious code in bioql PyPI...
EUVD-2023-59392
Malicious code in bioql PyPI...
Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7...
Inefficient Algorithmic Complexity
Overview: Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity due to an inefficient algorithmic complexity issue in the mjson parsing library when analyzing JSON content, such as with the jsonquery or jwtpayloadquery function. An attacker can cause resource...
CVE-2025-54088
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate i...
CVE-2025-54089 Cross-site Scripting vulnerability in Secure Access prior to 14.10
CVE-2025-54089 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges...
CVE-2025-54089
CVE-2025-54089 affects Ivanti Secure Access Client prior to version 14.10. The issue is described as a cross-site scripting vulnerability that allows attackers with console administrative access to interfere with another administrator’s access. The attack has low complexity, requires high privile...
CVE-2025-54088 Open Redirect in Secure Access prior to 14.10
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate i...
CVE-2025-54087
CVE-2025-54087 describes a server-side request forgery in Ivanti Secure Access prior to version 14.10. The vulnerability allows administrators to publish a crafted HTTP request originating from the Secure Access server, with attack complexity high, no required user interaction beyond administrati...
CVE-2025-54086
CVE-2025-54086 affects Absolute Secure Access, Warehouse component, prior to version 14.10. The vulnerability is an excess-permissions issue enabling attackers with local file-system access to read the Java keystore file. Severity: CVSS 3.1 Base 3.3 (LOW) to CVSS 4.0 Base 5.3 (MEDIUM) depending o...
PT-2025-40423
Name of the Vulnerable Software and Affected Versions: Secure Access versions prior to 14.10. Description: This issue is a cross-site scripting condition. An attacker with administrative access to the console can disrupt another administrator's access. The attack complexity is low, and no specific...
PT-2025-40420
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 14.10. Description: An excess permissions issue exists within the Warehouse component. An attacker who has access to the local file system can read the Java keystore file. The attack complexity is low, an...
CVE-2025-8014
Denial of Service issue in GraphQL endpoints in GitLab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption...