Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.13 views

CVE-2025-1421

Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...

2.4CVSS6.8AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.22 views

CVE-2025-1417

In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...

7CVSS6.2AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-16005

Malicious code in bioql PyPI...

5.1CVSS6.2AI score0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-15992

Malicious code in bioql PyPI...

5.1CVSS6.2AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-16003

Malicious code in bioql PyPI...

5.1CVSS6.2AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-16004

Malicious code in bioql PyPI...

5.1CVSS6.2AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-16002

Malicious code in bioql PyPI...

5.1CVSS6.2AI score0.00181EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 p.m.13 views

CVE-2025-1419

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4CVSS6.1AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 p.m.14 views

CVE-2025-1420

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4CVSS6.1AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2025/05/21 1:16 p.m.5 views

CVE-2025-1419

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4CVSS0.00201EPSS
Exploits0References2
NVD
NVD
added 2025/05/21 1:16 p.m.8 views

CVE-2025-1420

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4CVSS0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/21 1:4 p.m.16 views

CVE-2025-1420 XSS in Proget MDM

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4CVSS0.00201EPSS
Exploits0References2
CVE
CVE
added 2025/05/21 1:4 p.m.50 views

CVE-2025-1420

CVE-2025-1420 affects Konsola Proget (server component of the MDM suite). The issue arises from unsanitized input in the activationMessage field, enabling a Stored Cross-Site Scripting attack by a high-privileged user. Estimated CVSS v4 base score 2.4 (LOW); attack vector Adjacent, privileges req...

2.4CVSS5.8AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/21 1:3 p.m.10 views

CVE-2025-1419 XSS in Proget MDM

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4CVSS6.1AI score0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/21 1:3 p.m.12 views

CVE-2025-1419 XSS in Proget MDM

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4CVSS0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/21 1:3 p.m.13 views

CVE-2025-1417 Information disclosure in Proget MDM

In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...

4.6CVSS0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/21 1:3 p.m.6 views

CVE-2025-1416 Password disclosure in Proget MDM

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...

7CVSS6.5AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/21 1:3 p.m.14 views

CVE-2025-1416 Password disclosure in Proget MDM

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...

7CVSS0.0017EPSS
Exploits0References2
CVE
CVE
added 2025/05/21 10:38 a.m.52 views

CVE-2025-1415

In Proget MDM, the CVE-2025-1415 issue concerns a low-privileged user who can retrieve information about tasks run on managed devices and obtain device UUIDs needed for exploitation of CVE-2025-1416. The attack requires knowing a task_id, but brute-forcing is possible due to lack of request limit...

5.1CVSS5.9AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/21 12:0 a.m.2 views

PT-2025-22351 · Unknown · Konsola Proget

Name of the Vulnerable Software and Affected Versions: Konsola Proget versions prior to 2.17.5 Description: The issue is related to improper sanitization of input in the comment section of Konsola Proget, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack...

2.4CVSS5.7AI score0.00201EPSS
Exploits0References5
Rows per page
Query Builder