6 matches found
CVE-2025-13649
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the...
EUVD-2025-25961
Malicious code in bioql PyPI...
PT-2024-20393 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions:
GitHub Enterprise Server versions prior to 3.13
GitHub Enterprise Server versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1 are not affected as they contain the fix, so the correct range is: GitHub Enterprise Server versions prior to 3.8.17,...
PT-2023-20509 · Bwm-Ng · Bwm-Ng
Name of the Vulnerable Software and Affected Versions:
bwm-ng (affected versions not specified)
Description: The issue is related to Command Injection due to improper input sanitization in the check function in the bwm-ng.js file. To potentially exploit this, an attacker needs the ability to run...
PT-2020-3825 · Microsoft · Windows Work Folder Service +1
Name of the Vulnerable Software and Affected Versions:
Windows Work Folders Service (affected versions not specified)
Description: The issue is related to incorrect handling of file operations or memory by the Windows Work Folders Service, which can allow an attacker to elevate their privileges usi...
PT-2020-12433 · Arm +3 · Arm Mbed Tls +3
Name of the Vulnerable Software and Affected Versions:
Arm Mbed TLS versions 2.16.6 and earlier
Arm Mbed TLS versions 2.7.x through 2.7.14
Description: An issue was discovered in Arm Mbed TLS where an attacker can recover the long-term ECDSA private key by exploiting side channels in the conversi...