Lucene search
+L

72 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0590

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.0068EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0541

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01122EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-0437

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.0068EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0720

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00996EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0633

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00531EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-27262

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.01024EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:45 a.m.7 views

CVE-2022-22108

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of...

4.3CVSS6.7AI score0.0068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:42 a.m.8 views

CVE-2022-22107

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...

4.3CVSS6.7AI score0.0068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:45 p.m.7 views

CVE-2022-22109

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting XSS vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...

5.4CVSS5.3AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:8 p.m.9 views

CVE-2022-22111

In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged use...

8.8CVSS6.9AI score0.00996EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:58 p.m.8 views

CVE-2022-22110

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...

7.5CVSS6.8AI score0.01122EPSS
Exploits0References1
Veracode
Veracode
added 2022/01/14 6:16 a.m.18 views

Insecure Session

DayByDay CRM has insecure session. The vulnerability exists due to the lack of sufficient session expiry restriction when a user change password, allowing the user to still continue the same session...

8.8CVSS2.2AI score0.01024EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/01/13 9:15 a.m.27 views

CVE-2022-22113

In DayByDay CRM, versions 2.2.0 through 2.2.1 latest are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed...

8.8CVSS0.01024EPSS
Exploits1References2
NVD
NVD
added 2022/01/13 9:15 a.m.27 views

CVE-2022-22112

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

5.4CVSS0.00616EPSS
Exploits1References2
Prion
Prion
added 2022/01/13 9:15 a.m.17 views

Session fixation

In DayByDay CRM, versions 2.2.0 through 2.2.1 latest are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed...

6.5CVSS8.7AI score0.01024EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/01/13 9:15 a.m.23 views

Design/Logic Flaw

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

3.5CVSS5.9AI score0.00616EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/01/13 8:35 a.m.26 views

CVE-2022-22113 DayByDay CRM - Insufficient Session Expiration after Password Change

In DayByDay CRM, versions 2.2.0 through 2.2.1 latest are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed...

8.8CVSS7.1AI score0.01024EPSS
Exploits1References4
CVE
CVE
added 2022/01/13 8:35 a.m.74 views

CVE-2022-22113

CVE-2022-22113 affects DayByDay CRM versions 2.2.0 through 2.2.1 (latest). The root issue is Insufficient Session Expiration: after a user or administrator changes a password, an already-logged-in session can continue to access the application. The impact is high for confidentiality, integrity, a...

8.8CVSS8.8AI score0.01024EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/01/13 8:35 a.m.32 views

CVE-2022-22113 DayByDay CRM - Insufficient Session Expiration after Password Change

In DayByDay CRM, versions 2.2.0 through 2.2.1 latest are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed...

8.8CVSS8.9AI score0.01024EPSS
Exploits1References2
CVE
CVE
added 2022/01/13 8:35 a.m.95 views

CVE-2022-22112

CVE-2022-22112 affects DayByDay CRM, versions 1.1–2.2.1. The issue is an application-wide Client-Side Template Injection (CSTI) that allows a low-privileged attacker to input template payloads at multiple locations to execute JavaScript in the client browser. The primary sources describe the vuln...

5.4CVSS5.8AI score0.00616EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder