CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/30 5:38 p.m.•2 views

EUVD-2025-37056

Malicious code in set-egs-backend npm...

6.6AI score

OSSF Malicious Packages•added 2025/10/30 5:38 p.m.•3 views

Malicious code in qa-egs-rollback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f069cbe096962a4415247fec584da742da87006805e2e0a12d2e0a080936479d The package qa-egs-rollback was found to contain malicious code...

OSSF Malicious Packages•added 2025/10/30 5:38 p.m.•2 views

Malicious code in set-egs-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbceb6929d59ced3a4df01c1d61f7da54d4d0a85e467329fecd5f44e59d43f32 The package set-egs-backend was found to contain malicious code...

OSV•added 2025/10/30 5:38 p.m.•1 views

MAL-2025-49237 Malicious code in set-egs-backend (npm)

OSV•added 2025/10/30 5:38 p.m.•1 views

MAL-2025-49235 Malicious code in qa-egs-rollback (npm)

Positive Technologies•added 2024/08/14 12:0 a.m.•2 views

PT-2024-13684 · Unknown · Openbmc Firmware

Name of the Vulnerable Software and Affected Versions: OpenBMC Firmware versions prior to egs-1.15-0 OpenBMC Firmware versions prior to bhs-0.27 Description: The issue is an out of bounds read that may allow a privileged user to potentially enable information disclosure via local access...

8.1CVSS6.4AI score0.00054EPSS

Exploits0References3

Positive Technologies•added 2024/08/14 12:0 a.m.•2 views

PT-2024-12501 · Unknown · Openbmc Firmware

Name of the Vulnerable Software and Affected Versions: OpenBMC Firmware versions prior to egs-1.14-0 OpenBMC Firmware versions prior to bhs-0.27 Description: The issue is related to an uncaught exception in OpenBMC Firmware for some IntelR Server Platforms, which may allow an authenticated user t...

5.9CVSS7AI score0.00115EPSS

Exploits0References3

Positive Technologies•added 2024/07/22 12:0 a.m.•3 views

PT-2024-5125 · Sicam Egs +1 · Sicam Egs +4

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.40 SICORE Base system versions prior to V1.4.0 SICAM CP-8031, CP-8050, SICAM EGS affected versions not specified Description: The issue is related to the lack of necessary...

10CVSS7.2AI score0.00206EPSS

Exploits0References5

OSSF Malicious Packages•added 2024/06/25 12:41 p.m.•1 views

Malicious code in egs-trusted-domains (npm)

--- -= Per source details. Do not edit below this line.=-...

OSV•added 2024/06/25 12:41 p.m.•3 views

MAL-2024-2286 Malicious code in egs-trusted-domains (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score

OSV•added 2024/02/14 2:15 p.m.•0 views

CVE-2023-31189

Improper authentication in some IntelR Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access...

8.8CVSS5.8AI score

OSV•added 2024/02/14 2:15 p.m.•1 views

CVE-2023-32280

Insufficiently protected credentials in some IntelR Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access...

5.3CVSS5.8AI score0.00182EPSS

Positive Technologies•added 2024/02/14 12:0 a.m.•2 views

PT-2024-1780 · Intel · Openbmc

Name of the Vulnerable Software and Affected Versions: IntelR Server Product OpenBMC versions prior to egs-1.05 Description: The issue is related to insufficiently protected credentials in the IntelR Server Product OpenBMC firmware. This may allow an unauthenticated user to enable information...

7.8CVSS5.3AI score0.00182EPSS

Exploits0References4

Openbugbounty•added 2024/01/22 6:24 p.m.•9 views

egs-lgpropartner.it Improper Access Control vulnerability OBB-3840276

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Snyk•added 2023/03/01 8:18 a.m.•1 views

Malicious Package

Overview egs-trusted-domains is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8CVSS7.1AI score

Exploits0References3

CVE•added 2006/06/27 10:0 a.m.•37 views

CVE-2006-3237

The CVE-2006-3237 entry describes a Cross-site scripting (XSS) flaw in the Enterprise Groupware System (EGS) before or at version 1.2.4, exploitable via the module parameter on index.php. The underlying issue is an input handling/reflective scripting vector that allows remote attackers to inject ...

2.6CVSS5.9AI score0.00527EPSS

Exploits0References6Affected Software1

Cvelist•added 2006/06/27 10:0 a.m.•13 views

CVE-2006-3237

Cross-site scripting XSS vulnerability in index.php in Enterprise Groupware System EGS 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter...

5.7AI score0.00527EPSS

Exploits0References6

Packet Storm•added 2006/02/14 12:0 a.m.•45 views

egs_10rc4_php5_incl_xpl.php.txt

--------EGS Enterprise Groupware System 1.0 rc4 possibly prior versions------- remote code execution -------------------------------------------------------------------------------- software: site: http://egs.sourceforge.net/ description: "EGS is an Open Source business system released under the...

7.4AI score