31 matches found
CVE-2025-1417
In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...
CVE-2025-1416
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...
EUVD-2025-16000
Malicious code in bioql PyPI...
EUVD-2025-16002
Malicious code in bioql PyPI...
EUVD-2025-15992
Malicious code in bioql PyPI...
CVE-2025-1418
A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed in 2.17....
CVE-2025-1415
A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...
CVE-2025-1417
In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...
CVE-2025-1418
A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed...
CVE-2025-1416
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...
CVE-2025-1421
The CVE-2025-1421 issue affects Konsola Proget (server part of the MDM suite). Data submitted during device activation is stored in a database, enabling high-privileged users to export it as CSV and, by opening it in Excel, potentially corrupt the user’s PC. The attacker could gain remote access ...
CVE-2025-1421 Formula injection in a CSV file in Proget MDM
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...
CVE-2025-1421 Formula injection in a CSV file in Proget MDM
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...
CVE-2025-1420 XSS in Proget MDM
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
CVE-2025-1419
Konsola Proget (server part of the MDM suite) is affected by CVE-2025-1419 due to input in the comment section not being sanitized, enabling stored XSS when a high-privileged user interacts with the affected input. Root cause: inadequate sanitization of user-supplied comments leading to script ex...
CVE-2025-1418 Information disclosure in Proget MDM
A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed...
CVE-2025-1418 Information disclosure in Proget MDM
A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed...
CVE-2025-1418
CVE-2025-1418 affects the Proget MDM server (Konsola Proget). A low-privileged user could read information about profiles (which describe allowed/prohibited functions). The issue does not expose sensitive data about devices in the initial description, but it leaks profile metadata. The entry is f...
CVE-2025-1417
CVE-2025-1417 affects Proget MDM using the Konsola Proget server component. A low-privileged user can access change-logs for backups of all managed devices, exposing user IDs, email addresses, first and last names, and device UUIDs (the UUID could enable CVE-2025-1416). Exploitation requires the ...
CVE-2025-1417 Information disclosure in Proget MDM
In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...