CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-22054link is external Omnissa Workspace ONE Server-Side Request Forgery CVE-2025-26399link is external SolarWinds Web Help Desk Deserialization of...

Omnissa Workspace ONE UEM - Path Traversal

Omnissa Workspace ONE UEM contains a path traversal caused by crafted GET requests to restricted API endpoints, letting malicious actors access sensitive information, exploit requires sending crafted requests. id: CVE-2025-25231 info: name: Omnissa Workspace ONE UEM - Path Traversal author:...

Omnissa Workspace ONE UEM 24.2.x < 24.2.0.36 / 24.6.x < 24.6.0.44 / 24.10.x < 24.10.0.25 (OMSA-2025-0005)

The version of Omnissa Workspace ONE UEM installed on the remote host is prior to 24.2.0.36, 24.6.0.44, or 24.10.0.25. It is, therefore, affected by a vulnerability as referenced in the omsa-2025-0005 advisory. - Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability....

Omnissa Workspace ONE UEM 安全漏洞

Omnissa Workspace ONE UEM is an endpoint management platform from Omnissa USA. A security vulnerability exists in Omnissa Workspace ONE UEM that stems from an observable response discrepancy that could cause a malicious actor to enumerate sensitive information such as tenant IDs and user accounts...

PT-2025-46681

Name of the Vulnerable Software and Affected Versions Omnissa Workspace ONE UEM affected versions not specified Description A discrepancy in observable responses exists in Omnissa Workspace ONE UEM. This could allow a malicious actor to enumerate sensitive information, including tenant ID and use...

EUVD-2025-11481

Malicious code in bioql PyPI...

EUVD-2025-11483

Malicious code in bioql PyPI...

EUVD-2024-34421

Malicious code in bioql PyPI...

EUVD-2024-34420

Malicious code in bioql PyPI...

EUVD-2025-24167

Malicious code in bioql PyPI...

EUVD-2025-24188

Malicious code in bioql PyPI...

CVE-2025-25235

Server-Side Request Forgery SSRF in Omnissa Secure Email Gateway SEG in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks...

CVE-2025-25235

Server-Side Request Forgery SSRF in Omnissa Secure Email Gateway SEG in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks...

CVE-2025-25235 Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF in Omnissa Secure Email Gateway SEG in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks...

CVE-2025-25235

CVE-2025-25235 describes a Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG). The vulnerability affects SEG on Windows prior to 2.32 and SEG on UAG prior to 2503, enabling an attacker to route internal-network traffic (e.g., HTTP requests) through the gateway. The CVSS 3.1 ...

CVE-2025-25235 Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF in Omnissa Secure Email Gateway SEG in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks...

CVE-2025-25229

Omnissa Workspace ONE UEM contains a Server-Side Request Forgery SSRF Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources...

CVE-2025-25229

Omnissa Workspace ONE UEM contains a Server-Side Request Forgery SSRF Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources...

CVE-2025-25229

Omnissa Workspace ONE UEM is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-25229). The issue could allow a user with privileges to access restricted internal information and enumerate internal network resources via API endpoints. The connected documents corroborate the ...

CVE-2025-25231

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests read-only to restricted API endpoints...