CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

Hitachi Energy Asset Suite (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could result in the manipulation of content or the injection of data with the potential of carrying out further malicious attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CVE-2025-35030

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

CVE-2025-35033

CVE-2025-35033 concerns Medical Informatics Engineering Enterprise Health. Affected: the platform's CSV export/download feature allowing a remote, authenticated attacker to inject macros into downloadable CSV files (CSV injection). Root cause details are not expanded in the provided documents bey...

CVE-2025-35033 Medical Informatics Engineering Enterprise Health CSV injection

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

CVE-2025-35032 Medical Informatics Engineering Enterprise Health arbitrary file upload

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...

CVE-2025-35030 Medical Informatics Engineering Enterprise Health cross site request forgery

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...

Hacking-Tools-Master

🔐 Hacking-Tools Master A modular & documented collection of P...

Medical Informatics Engineering Enterprise Health 安全漏洞

Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from the inclusion of a user's current session token in the debug output, which...

Mapping Quantum Threats: An Engineering Inventory of Cryptographic Dependencies

The emergence of large-scale quantum computers, powered by algorithms like Shor's and Grover's, poses an existential threat to modern public-key cryptography. This vulnerability stems from the ability of these machines to efficiently solve the hard mathematical problems - such as integer...

Medical Informatics Engineering Enterprise Health 安全漏洞

Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from allowing authenticated users to upload arbitrary files, which could result...

PT-2025-39871

Name of the Vulnerable Software and Affected Versions Medical Informatics Engineering Enterprise Health affected versions not specified Description The software contains a cross site request forgery condition. An unauthenticated attacker can deceive administrative users into clicking a specially...

Medical Informatics Engineering Enterprise Health 安全漏洞

Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from the presence of reflective cross-site scripting in the portletuserid URL...

Medical Informatics Engineering Enterprise Health 安全漏洞

Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from susceptibility to cross-site request forgery attacks that could lead to an...

AutoML in Cybersecurity: An Empirical Study

Automated machine learning AutoML has emerged as a promising paradigm for automating machine learning ML pipeline design, broadening AI adoption. Yet its reliability in complex domains such as cybersecurity remains underexplored. This paper systematically evaluates eight open-source AutoML...

CVE-2025-1396

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

CVE-2025-1396

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

CVE-2025-20334

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...

Security Bulletin: Due to the use of CKEditor, IBM Engineering Lifecycle Management - Jazz Foundation is affected by a Cross-Site scripting vulnerability

Summary Below vulnerability has been identified in CKEditor, which has been addressed by IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2023-4771 DESCRIPTION: A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15....