25 matches found
EUVD-2025-13267
Malicious code in bioql PyPI...
EUVD-2025-13257
Malicious code in bioql PyPI...
EUVD-2025-13269
Malicious code in bioql PyPI...
CVE-2025-36558
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-32011
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal...
CVE-2025-35996
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...
CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-36558
KUNBUS Revolution Pi PiCtory (versions 2.11.1 and earlier) is affected by multiple XSS and auth-related CVEs. The core issue is insufficient input sanitization of the sso_token in PiCtory, enabling reflected XSS via the token and stored XSS via crafted filenames; separate authentication bypass vi...
CVE-2025-35996
CVE-2025-35996 concerns KUNBUS Revolution Pi PiCtory: versions 2.11.1 and earlier are vulnerable to a cross-site scripting (XSS) flaw caused by unescaped filenames stored by API endpoints. An authenticated remote attacker can craft a filename that is later rendered in the client’s HTML (via expor...
CVE-2025-32011 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal...
CVE-2025-32011
CVE-2025-32011 involves KUNBUS Revolution Pi PiCtory (versions 2.5.0–2.11.1). A path-traversal weakness in the PiCtory login flow can be exploited by a remote attacker to bypass authentication and gain access to the I/O configuration surface and expansion modules. The Linked Pentest Partners writ...
PT-2025-18695 · Kunbus · Kunbus Pictory
Name of the Vulnerable Software and Affected Versions: KUNBUS PiCtory versions 2.11.1 and earlier Description: The issue arises when an authenticated remote attacker crafts a special filename that can be stored by API endpoints, which is later transmitted to the client to show a list of...
PT-2025-18781 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: Intel® Tiber™ Edge Platform Edge Orchestrator versions prior to 24.11.1 Description: A protection mechanism failure exists in some Edge Orchestrator software. An authenticated user may be able to enable a denial of service via adjacent acces...
KUNBUS PiCtory Security Vulnerability
KUNBUS PiCtory is a graphical software tool from KUNBUS Corporation for configuring and managing KUNBUS Revolution Pi industrial computers. A security vulnerability exists in KUNBUS PiCtory version 2.11.1 and earlier, which stems from unescaped filenames and could lead to a cross-site scripting...
PT-2025-18697 · Kunbus · Kunbus Pictory
Name of the Vulnerable Software and Affected Versions: KUNBUS PiCtory versions 2.11.1 and earlier Description: The issue allows for cross-site scripting attacks via the sso token used for authentication. If an attacker provides a user with a KUNBUS PiCtory URL containing an HTML script as an sso...