101 matches found
CVE-2025-1421
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...
CVE-2025-1417
In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information includes user IDs, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...
CVE-2025-1416
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targeted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...
EUVD-2017-7060
Malware in sbrugna...
EUVD-2017-6421
Malware in sbrugna...
EUVD-2025-16004
Malicious code in bioql PyPI...
EUVD-2025-16003
Malicious code in bioql PyPI...
EUVD-2025-16000
Malicious code in bioql PyPI...
EUVD-2025-16005
Malicious code in bioql PyPI...
EUVD-2025-16002
Malicious code in bioql PyPI...
EUVD-2022-4069
Malicious code in bioql PyPI...
EUVD-2025-13348
Malicious code in bioql PyPI...
EUVD-2025-15992
Malicious code in bioql PyPI...
CVE-2025-1418
A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed in 2.17....
CVE-2025-1419
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1420
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1415
A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...
CVE-2018-1999034
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to...
CVE-2017-14944
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060...
CVE-2019-10412
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...