23 matches found
CVE-2025-1421
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...
CVE-2025-1417
In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...
EUVD-2025-16005
Malicious code in bioql PyPI...
EUVD-2025-15992
Malicious code in bioql PyPI...
EUVD-2025-16003
Malicious code in bioql PyPI...
EUVD-2025-16004
Malicious code in bioql PyPI...
EUVD-2025-16002
Malicious code in bioql PyPI...
CVE-2025-1419
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1420
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1419
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1420
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1420 XSS in Proget MDM
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1420
CVE-2025-1420 affects Konsola Proget (server component of the MDM suite). The issue arises from unsanitized input in the activationMessage field, enabling a Stored Cross-Site Scripting attack by a high-privileged user. Estimated CVSS v4 base score 2.4 (LOW); attack vector Adjacent, privileges req...
CVE-2025-1419 XSS in Proget MDM
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1419 XSS in Proget MDM
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1417 Information disclosure in Proget MDM
In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...
CVE-2025-1416 Password disclosure in Proget MDM
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...
CVE-2025-1416 Password disclosure in Proget MDM
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...
CVE-2025-1415
In Proget MDM, the CVE-2025-1415 issue concerns a low-privileged user who can retrieve information about tasks run on managed devices and obtain device UUIDs needed for exploitation of CVE-2025-1416. The attack requires knowing a task_id, but brute-forcing is possible due to lack of request limit...
PT-2025-22351 · Unknown · Konsola Proget
Name of the Vulnerable Software and Affected Versions: Konsola Proget versions prior to 2.17.5 Description: The issue is related to improper sanitization of input in the comment section of Konsola Proget, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack...