27 matches found
EUVD-2019-16555
Malware in sbrugna...
EUVD-2025-6262
Malicious code in bioql PyPI...
CVE-2025-10718
A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been made...
Jinher OA Security Vulnerability
Jinher OA is a collaborative management software from Jinher, China. A security vulnerability exists in Jinher OA version 1.0, which originates from improper manipulation of the parameter ID in the file GetTreeDate.aspx, which may lead to an SQL injection attack...
Citrix Virtual Apps and Desktops - MS Office processes crashes or gets stuck on close
When users open MS Access within an ICA session, create a form (one of the objects you can create within Access), save it and then close the MSAccess UI, the UI goes away but the MSAccess.exe process remains in Task Manager, consuming resources. The issue is specific to ICA sessions. The issue is...
CVE-2025-29995
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-29994
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to...
CVE-2025-29997
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts...
CVE-2025-29996
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...
CVE-2025-29997 Improper Access Control Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts...
CVE-2025-29995
The CVE-2025-29995 entry refers to a vulnerability in the CAP back office application caused by a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit the vulnerable API endpoint to achieve account takeover of targeted us...
CVE-2025-29994 Improper Authentication Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to...
Rising Technosoft CAP back office application Authorization Issue Vulnerability
Rising Technosoft CAP back office application is a back office application from Rising Technosoft India. The Rising Technosoft CAP back office application suffers from an authorization issue vulnerability that stems from a weak password reset mechanism implemented in the API endpoint that allows ...
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
THREAT LEVEL: Red. United States Cyber Command (USCYBERCOM) has warned of an ongoing cyber attack by an Iranian state-sponsored actor named MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
CVE-2021-43905
Microsoft Office app Remote Code Execution Vulnerability...
Arbitrary File Deletion Vulnerability in Heartland OA
Heartland OA is a multi-functional and intelligent office application. An arbitrary file deletion vulnerability exists in Heartland OA. An attacker can exploit this vulnerability to delete arbitrary files...
Arbitrary File Download Vulnerability in Heartland OA
Heartland OA is a multi-functional and intelligent office application. An arbitrary file download vulnerability exists in Heartland OA. An attacker can exploit the vulnerability to download arbitrary files...
CVE-2019-7004
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not...
CVE-2019-7004
Avaya IP Office Application Server 11.x WebUI is vulnerable to Cross-Site Scripting (XSS) in the login page (via POST) due to improper input sanitization. Exploitation exists (POST username) and could execute arbitrary JavaScript in a user’s browser. Affected versions include 11.x up to 11.0 FP4 ...