16 matches found
CVE-2025-40587
A vulnerability has been identified in Polarion V2404 All versions V2404.5, Polarion V2410 All versions V2410.2. The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site scripting...
EUVD-2024-54492
Malicious code in bioql PyPI...
EUVD-2024-54494
Malicious code in bioql PyPI...
EUVD-2024-54477
Malicious code in bioql PyPI...
CVE-2024-51446
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploadi...
CVE-2024-51444
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization...
CVE-2024-51446
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploadi...
CVE-2024-51445
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...
CVE-2024-51444
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization...
CVE-2024-51447
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.2. The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to...
CVE-2024-51447
CVE-2024-51447 affects Siemens Polarion: login validation exposes an observable response discrepancy that lets an unauthenticated attacker distinguish valid from invalid usernames. Affected products: Polarion V2310 (All versions) and Polarion V2404 (All versions
CVE-2024-51446
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploadi...
CVE-2024-51445
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...
CVE-2024-51444
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization...
PT-2025-20845 · Siemens · Polarion
Name of the Vulnerable Software and Affected Versions: Polarion V2310 All versions Polarion V2404 versions prior to V2404.4 Description: A vulnerability has been identified in the affected application, which contains a XML External Entity Injection XXE vulnerability in the docx import feature. Th...
PT-2025-20844 · Siemens · Polarion
Name of the Vulnerable Software and Affected Versions: Polarion V2310 All versions Polarion V2404 versions prior to V2404.4 Description: The application insufficiently validates user input for database read queries, which could allow an authenticated remote attacker to conduct an SQL injection...