30 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-43927

Malicious code in bioql PyPI...

CVSS 4.9 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-6250

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00163
Exploits: 0 | References: 2
Rapid7 Blog
added 2025/07/14 2:7 p.m. | 4 views

Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)

Overview: During security testing, Rapid7 discovered that Konica Minolta bizhub 227 Multifunction printers (MFPs) were vulnerable to a pass-back attack. The affected products identified were: Konica Minolta bizhub MFPs, Firmware Version: GCQ-Y3 and earlier. This issue has been assigned the following...

CVSS 6.8 | AI score 7.1 | EPSS 0.00224
Exploits: 0
Japan Vulnerability Notes
added 2025/07/01 5:9 a.m. | 4 views

Pass-Back Attack vulnerability in Konica Minolta bizhub series

Overview: Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Vulnerability that could allow a Pass-Back Attack (CWE-522) - CVE-2025-6081. Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...

CVSS 6.8 | AI score 6.4 | EPSS 0.00224
Exploits: 0 | References: 4
CVE
added 2025/07/01 3:25 a.m. | 20 views

CVE-2025-6081

CVE-2025-6081 affects Konica Minolta bizhub 227 MFPs (firmware GCQ-Y3 or earlier). The issue enables a pass-back attack by reconfiguring the device to use an external LDAP server controlled by an attacker, which can lead to capturing plaintext LDAP credentials when the device authenticates to tha...

CVSS 6.8 | AI score 6.7 | EPSS 0.00224
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/01 3:25 a.m. | 3 views

CVE-2025-6081 Pass-back attack in Konica Minolta bizhub 227 multifunctional printers

Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker to reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker...

CVSS 6.8 | AI score 7.2 | EPSS 0.00224
Exploits: 0 | References: 2
Cvelist
added 2025/07/01 3:25 a.m. | 8 views

CVE-2025-6081 Pass-back attack in Konica Minolta bizhub 227 multifunctional printers

Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker to reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker...

CVSS 6.8 | EPSS 0.00224
Exploits: 0 | References: 2
Cvelist
added 2025/06/25 7:28 a.m. | 8 views

CVE-2024-51984 Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An authenticated attacker can reconfigure the target device to use an external service such as LDAP or FTP controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the...

CVSS 6.8 | EPSS 0.00484
Exploits: 0 | References: 10
RedhatCVE
added 2025/03/09 11:40 a.m. | 9 views

CVE-2025-1886

Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials...

CVSS 7.1 | AI score 6.3 | EPSS 0.00163
Exploits: 0 | References: 3
NVD
added 2025/03/07 11:15 a.m. | 13 views

CVE-2025-1886

Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials...

CVSS 7.1 | EPSS 0.00163
Exploits: 0 | References: 1
CVE
added 2025/03/07 10:55 a.m. | 72 views

CVE-2025-1886

CVE-2025-1886 describes a Pass-Back vulnerability in Sage 200 Spain, affecting versions prior to 2025.35.000. An authenticated user with administrator privileges can disclose stored SMTP credentials, indicating a confidentiality impact. The issue is documented across multiple sources (NVD, Red Ha...

CVSS 7.1 | AI score 6.6 | EPSS 0.00163
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/07 10:55 a.m. | 13 views

CVE-2025-1886 Pass-Back vulnerability in Sage 200 Spain

Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials...

CVSS 7.1 | AI score 6.6 | EPSS 0.00163
Exploits: 0 | References: 1
Cvelist
added 2025/03/07 10:55 a.m. | 14 views

CVE-2025-1886 Pass-Back vulnerability in Sage 200 Spain

Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials...

CVSS 7.1 | EPSS 0.00163
Exploits: 0 | References: 1
CNNVD
added 2025/03/07 12:0 a.m. | 2 views

Sage 200 Spain security vulnerability

Sage 200 Spain is a business management software from Sage. A security vulnerability exists in Sage 200 Spain versions prior to 2025.35.000, which stems from a Pass-Back vulnerability that could lead to the discovery of stored SMTP credentials by a privileged administrator user...

CVSS 7.1 | AI score 6.5 | EPSS 0.00163
Exploits: 0 | References: 2
HackRead
added 2025/02/19 11:17 a.m. | 5 views

Xerox Versalink Printers Vulnerabilities Could Let Hackers Steal Credentials

Xerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws CVE-2024-12510 & CVE-2024-12511. Update…...

CVSS 7.6 | AI score 7.1 | EPSS 0.0022
Exploits: 0
The Hacker News
added 2025/02/18 7:4 a.m. | 16 views

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. "This pass-back style attack leverages a...

CVSS 7.6 | AI score 8.2 | EPSS 0.0022
Exploits: 0
Rapid7 Blog
added 2025/02/14 2:0 p.m. | 22 views

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs, Firmware Version: 57.69.91 and earlier. This issue has been assigned the following CVEs: CVE-2024-1251...

CVSS 7.6 | AI score 8.2 | EPSS 0.0022
Exploits: 0
Rapid7 Blog
added 2025/02/14 2:0 p.m. | 3 views

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs, Firmware Version: 57.69.91 and earlier. This issue has been assigned the following CVEs: CVE-2024-1251...

CVSS 7.6 | AI score 8.7 | EPSS 0.0022
Exploits: 0
Cvelist
added 2025/02/03 7:23 p.m. | 36 views

CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...

CVSS 7.6 | EPSS 0.0022
Exploits: 0 | References: 1
OSV
added 2024/08/30 6:47 p.m. | 7 views

GHSA-7J9P-67MM-5G87 LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability

Problem TL;DR: Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. In LTI 1.3, LTI tools can "pass back" scores that learners earn while using LTI tools to the edX platform. The...

CVSS 3.7 | AI score 5.3 | EPSS 0.00151
Exploits: 0 | References: 5