18 matches found
EUVD-2025-25038
Malicious code in bioql PyPI...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060
CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...
CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
PT-2025-33502 · Msoft · Msoft Mflash
Name of the Vulnerable Software and Affected Versions: MSoft MFlash version 8.0 Description: A vulnerability has been found in MSoft MFlash that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality, which is only available to...
MSoft MFlash 安全漏洞
MSoft MFlash is a document exchange system from the Russian company MSoft. A security vulnerability exists in MSoft MFlash version 8.0, which stems from insufficient validation of parameters during configuration of the security component and could lead to the execution of arbitrary code...
The vulnerability of the MFlash secure data exchange platform, related to authentication errors, allows attackers to escalate their privileges.
The vulnerability of the MFlash secure data exchange platform is related to authentication errors. Exploiting this vulnerability allows a malicious actor to enhance their privileges and use the file storage system beyond the architectural limitations by intercepting API responses...
The vulnerability of the MFlash secure data exchange platform lies in the lack of mechanisms for neutralizing elements related to CSV files, allowing attackers to execute arbitrary commands.
The vulnerability of the MFlash secure messaging platform is related to the lack of mechanisms for neutralizing elements related to CSV files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the MFlash secure data exchange platform lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the MFlash secure messaging platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the administration panel by injecting specially crafted HTML code...
The vulnerability of the MFlash secure data exchange platform lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the MFlash secure messaging platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially crafted HTML code...
The vulnerability of the pdf.js library on the MFlash secure data exchange platform, related to the lack of protective measures for website structures, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the pdf.js library on the MFlash secure data exchange platform is related to the lack of protective measures for the web page structure. Exploiting this vulnerability could allow an attacker to execute arbitrary JavaScript code remotely...
The vulnerability of the MFlash secure data exchange platform, related to the,。
The vulnerability of the MFlash secure data exchange platform relates to the manipulation of cross-site requests. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
PT-2024-41098 · Ооо 'Mсофт' · Mflash
Уязвимость библиотеки pdf.js платформы для защищённого обмена данными MFlash связана с непринятием мер по защите структуры веб-страницы, Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный JavaScript-код...
PT-2024-41097 · Ооо 'Mсофт' · Mflash
Уязвимость платформы защищённого обмена данными MFlash связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путём внедрения специально сформированного HTML-кода...
PT-2024-41094 · Ооо 'Mсофт' · Mflash
Уязвимость платформы защищённого обмена данными MFlash связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код в панели администрирования путём внедрения специально сформированного HTML-кода...
PT-2024-41095 · Ооо 'Mсофт' · Mflash
Уязвимость платформы защищённого обмена данными MFlash связана с отсутствием нейтрализации элементов для файлов CSV. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольные команды...