3247 matches found
EUVD-2023-48482
Malicious code in bioql PyPI...
EUVD-2024-39607
Malicious code in bioql PyPI...
EUVD-2024-18065
Malicious code in bioql PyPI...
EUVD-2022-35972
Malicious code in bioql PyPI...
EUVD-2023-52478
Malicious code in bioql PyPI...
EUVD-2022-1253
Malicious code in bioql PyPI...
EUVD-2023-37999
Malicious code in bioql PyPI...
EUVD-2022-25928
Malicious code in bioql PyPI...
EUVD-2021-6878
Malicious code in bioql PyPI...
EUVD-2023-38244
Malicious code in bioql PyPI...
CVE-2025-24525
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...
CVE-2025-40646
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-40646
CVE-2025-40646 describes a Stored Cross-Site Scripting (XSS) in Energy CRM v2025 by Status Tracker Ltd. The vulnerability arises from insufficient validation of user input in a POST to /crm/create_job_submit.php, using the JobCreatedBy parameter. An attacker could craft a request that, when viewe...
CVE-2025-40646 Multiple vulnerabilities in Energy CRM by Status Tracker
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
PT-2025-40330
Name of the Vulnerable Software and Affected Versions Viday affected versions not specified Description The software exhibits a flaw that could allow an attacker to obtain sensitive customer information. This is achieved by intercepting HTTP requests and locating JWTs within the request payload...
CVE-2025-24525 Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...
CVE-2024-55017
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirecturi parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts...
CVE-2025-11155
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
PT-2025-40033
Name of the Vulnerable Software and Affected Versions Keysight Ixia Vision versions prior to 6.9.1 Description Keysight Ixia Vision contains hardcoded cryptographic material. This may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication. The...
PT-2025-40013
Name of the Vulnerable Software and Affected Versions NiceHash QuickMiner version 6.12.0 Description The software updates are performed over HTTP without validating digital signatures or hash checks. An attacker intercepting or redirecting traffic to the update URL can hijack the update process a...