EUVD-2025-30801

Malicious code in bioql PyPI...

CVE-2025-57439

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...

CVE-2025-57430

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...

CVE-2025-57434

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows...

CVE-2025-57439

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...

CVE-2025-57439

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...

CVE-2025-57434

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows...

CVE-2025-57434

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows...

CVE-2025-57430

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...

CVE-2025-57430

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...

CVE-2025-57434

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows...

Creacast Creabox Manager 安全漏洞

Creacast Creabox Manager is a device management system from Creacast France. A security vulnerability exists in Creacast Creabox Manager version 4.4.4, which originates from a publicly accessible endpoint/get exposing sensitive configuration data, potentially leading to credential disclosure...

CVE-2025-57430

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...

CVE-2025-57439

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...

Creacast Creabox Manager 安全漏洞

Creacast Creabox Manager is a device management system from Creacast France. A security vulnerability exists in Creacast Creabox Manager that stems from an authentication flaw that allows an attacker to bypass login authentication with a specific username and password prefix...

Creacast Creabox Manager 安全漏洞

Creacast Creabox Manager is a device management system from Creacast France. A security vulnerability exists in Creacast Creabox Manager version 4.4.4, which originates in the edit.php endpoint that allows the injection of arbitrary Lua code, which could lead to remote code execution and full...

CVE-2025-57439

CVE-2025-57439 affects Creacast Creabox Manager 4.4.4. The vulnerability is a remote code execution via the edit.php endpoint, where an authenticated attacker can inject arbitrary Lua code into the configuration, resulting in server-side code execution and full system compromise (e.g., reverse sh...

PT-2025-38750

Name of the Vulnerable Software and Affected Versions Creacast Creabox Manager affected versions not specified Description The software exhibits a critical authentication flaw that permits bypassing login validation. Access is granted when the username is set to creabox and the password starts wi...

CVE-2025-57434

The vulnerability CVE-2025-57434 affects Creacast Creabox Manager. An authentication bypass exists: if the username is creabox and the password begins with creacast, access is granted regardless of the remaining password. This is described consistently across multiple sources. The CVSS 3.1 vector...

CVE-2025-57430

The CVE-2025-57430 affects Creacast Creabox Manager 4.4.4, where a publicly accessible /get endpoint leaks internal configuration data, including the creacodec.lua file that contains plaintext admin credentials. This exposes sensitive configuration details and credential data via network access. ...