EUVD-2021-6878

Malicious code in bioql PyPI...

EUVD-2022-35972

Malicious code in bioql PyPI...

EUVD-2024-54502

Malicious code in bioql PyPI...

EUVD-2022-25928

Malicious code in bioql PyPI...

EUVD-2021-9471

Malicious code in bioql PyPI...

EUVD-2024-30725

Malicious code in bioql PyPI...

EUVD-2024-39607

Malicious code in bioql PyPI...

CVE-2025-24525

Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...

CVE-2025-40646

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

CVE-2025-40646

CVE-2025-40646 describes a Stored Cross-Site Scripting (XSS) in Energy CRM v2025 by Status Tracker Ltd. The vulnerability arises from insufficient validation of user input in a POST to /crm/create_job_submit.php, using the JobCreatedBy parameter. An attacker could craft a request that, when viewe...

CVE-2025-40646 Multiple vulnerabilities in Energy CRM by Status Tracker

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

PT-2025-40330

Name of the Vulnerable Software and Affected Versions Viday affected versions not specified Description The software exhibits a flaw that could allow an attacker to obtain sensitive customer information. This is achieved by intercepting HTTP requests and locating JWTs within the request payload...

CVE-2025-24525 Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key

Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...

CVE-2024-55017

Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirecturi parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts...

CVE-2025-11155

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

PT-2025-40033

Name of the Vulnerable Software and Affected Versions Keysight Ixia Vision versions prior to 6.9.1 Description Keysight Ixia Vision contains hardcoded cryptographic material. This may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication. The...

PT-2025-40013

Name of the Vulnerable Software and Affected Versions NiceHash QuickMiner version 6.12.0 Description The software updates are performed over HTTP without validating digital signatures or hash checks. An attacker intercepting or redirecting traffic to the update URL can hijack the update process a...

Keysight Ixia Vision 安全漏洞

Keysight Ixia Vision is a series of network packet proxies from Keysight Corporation USA. A security vulnerability exists in Keysight Ixia Vision that stems from hard-coded cryptographic material that could lead to the interception or decryption of payloads...

CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

Vasion Print Virtual Appliance Host 安全漏洞

Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 22.0.1049, which stems from the fact that private and public key certificates are stored in clear text, which could lead to...