
21 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25906

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00047
Exploits: 1 · References: 3

RedhatCVE
added 2025/09/04 12:28 a.m. · 2 views

CVE-2025-54599

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...

CVSS 7.5 · AI score 7 · EPSS 0.00094
Exploits: 1 · References: 1

OSV
added 2025/09/02 4:15 p.m. · 3 views

CVE-2025-54599

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...

CVSS 7.5 · AI score 5.8 · EPSS 0.00094
Exploits: 1 · References: 3

NVD
added 2025/09/02 4:15 p.m. · 1 views

CVE-2025-54599

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...

CVSS 7.5 · EPSS 0.00094
Exploits: 1 · References: 3

Vulnrichment
added 2025/09/02 12:0 a.m. · 1 views

CVE-2025-54599

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...

AI score 6.4 · EPSS 0.00094
Exploits: 1 · References: 3

CVE
added 2025/09/02 12:0 a.m. · 14 views

CVE-2025-54599

The CVE-2025-54599 entry concerns Bevy Event service versions through 2025-07-22 (used for eBay Seller Events). Affected component is the SSO configuration handling that allows account takeover when a victim changes the configured email address. The root cause is a misconfiguration of SSO, enabli...

CVSS 7.5 · AI score 6.4 · EPSS 0.00094
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2025/09/02 12:0 a.m. · 6 views

CVE-2025-54599

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...

EPSS 0.00094
Exploits: 1 · References: 3

RedhatCVE
added 2025/08/30 6:20 p.m. · 2 views

CVE-2025-54598

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...

CVSS 6.5 · AI score 7 · EPSS 0.00047
Exploits: 1 · References: 1

NVD
added 2025/08/27 4:15 p.m. · 1 views

CVE-2025-54598

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...

CVSS 6.5 · EPSS 0.00047
Exploits: 1 · References: 3

OSV
added 2025/08/27 4:15 p.m. · 3 views

CVE-2025-54598

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...

CVSS 6.5 · AI score 5.8 · EPSS 0.00047
Exploits: 1 · References: 3

Positive Technologies
added 2025/08/27 12:0 a.m. · 2 views

PT-2025-34886 · Ebay · Bevy Event Service

Name of the Vulnerable Software and Affected Versions: The Bevy Event service versions through 2025-07-22. Description: The Bevy Event service, used for eBay Seller Events and other activities, is susceptible to a Cross-Site Request Forgery (CSRF) issue. This flaw allows an attacker to delete all...

CVSS 6.5 · AI score 6.7 · EPSS 0.00047
Exploits: 1 · References: 6

Cvelist
added 2025/08/27 12:0 a.m. · 5 views

CVE-2025-54598

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...

EPSS 0.00047
Exploits: 1 · References: 3

Vulnrichment
added 2025/08/27 12:0 a.m. · 1 views

CVE-2025-54598

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...

AI score 7.2 · EPSS 0.00047
Exploits: 1 · References: 3

CVE
added 2025/08/27 12:0 a.m. · 12 views

CVE-2025-54598

Bevy Event service (as used for eBay Seller Events) up to 2025-07-22 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to delete all notifications via the /notifications/delete/ endpoint. Root cause is CSRF on the notification-deletion path; impact is parti...

CVSS 6.5 · AI score 6.7 · EPSS 0.00047
Exploits: 1 · References: 3 · Affected Software: 1

Openbugbounty
added 2024/03/02 10:24 a.m. · 6 views

event-service.cc Cross Site Scripting vulnerability OBB-3863885

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Tenable Nessus
added 2023/03/20 12:0 a.m. · 21 views

Siemens TCP Event Service of SCALANCE And RUGGEDCOM Devices Improper Input Validation (CVE-2022-31766)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU All versions = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 V2.0, SCALANCE WUM766-1 US All...

CVSS 8.6 · AI score 7.7 · EPSS 0.00996
Exploits: 0 · References: 3

BDU FSTEC
added 2022/11/11 12:0 a.m. · 1 views

The vulnerability of the system event service in the Microsoft Windows operating system allows a perpetrator to escalate their privileges.

The vulnerability of the COM+ Event System Service in the Microsoft Windows operating system is related to the occurrence of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.8 · AI score 7.9 · EPSS 0.01737
Exploits: 0 · References: 4

Prion
added 2022/10/11 11:15 a.m. · 12 views

Design/Logic Flaw

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU All versions = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 V2.0, SCALANCE WUM766-1 US All...

CVSS 5 · AI score 8.3 · EPSS 0.00996
Exploits: 0 · References: 1 · Affected Software: 16

BDU FSTEC
added 2020/08/14 12:0 a.m. · 1 views

The vulnerability of the UI & Visualization component of the Oracle Hyperion BI+ service, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UI & visualization component of the Oracle Hyperion BI+ event service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVSS 4.9 · AI score 6.4 · EPSS 0.00621
Exploits: 0 · References: 4 · Affected Software: 1

OpenVAS
added 2016/12/08 12:0 a.m. · 14 views

Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability (cisco-sa-20161207-ios-xr)

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. Copyright (C) 2016 Greenbone Networks GmbH Some text description...

CVSS 7.5 · AI score 7.7 · EPSS 0.00662
Exploits: 0 · References: 1