EUVD-2020-23363

Malware in sbrugna...

EUVD-2020-23362

Malware in sbrugna...

EUVD-2020-23364

Malware in sbrugna...

EUVD-2020-23365

Malware in sbrugna...

EUVD-2022-0590

Malicious code in bioql PyPI...

EUVD-2022-0541

Malicious code in bioql PyPI...

EUVD-2022-27262

Malicious code in bioql PyPI...

EUVD-2022-0633

Malicious code in bioql PyPI...

EUVD-2022-0720

Malicious code in bioql PyPI...

EUVD-2022-0437

Malicious code in bioql PyPI...

CVE-2022-22108

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of...

CVE-2022-22107

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...

CVE-2022-22109

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting XSS vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...

CVE-2020-35707

Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen...

CVE-2020-35706

Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen...

CVE-2020-35705

Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen...

CVE-2020-35704

Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen...

CVE-2022-22111

In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged use...

CVE-2022-22110

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...

Insecure Session

DayByDay CRM has insecure session. The vulnerability exists due to the lack of sufficient session expiry restriction when a user change password, allowing the user to still continue the same session...