EUVD-2025-5958

Malicious code in bioql PyPI...

EUVD-2025-5959

Malicious code in bioql PyPI...

CVE-2025-53378

CVE-2025-53378 concerns Trend Micro Worry-Free Business Security Services (WFBSS) agent. The issue is a missing authentication vulnerability that could allow an unauthenticated attacker to remotely take control of the agent on affected installations. Affected product scope is limited to the SaaS ...

CVE-2025-22271

The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...

CVE-2025-22272

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...

CVE-2025-22273

Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...

CVE-2025-22274 HTML injection in CyberArk Endpoint Privilege Manager

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...

CVE-2025-22274

CVE-2025-22274 affects CyberArk Endpoint Privilege Manager (SaaS) 24.7.1. Affected component: the HTML content entered in the Application definition page can lead to HTML injection in the page output. Root cause described in sources as an HTML injection via the content field; other versions are u...

CVE-2025-22272 Self Reflected XSS in CyberArk Endpoint Privilege Manager

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...

CVE-2025-22272

CVE-2025-22272 affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. In the /EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg endpoint, the POST parameter modalDlgMsgInternal can be used to inject code that is executed in the browser; exploitation risk is mitigated by the need to by...

CVE-2025-22271 IP Spoofing in CyberArk Endpoint Privilege Manager

The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...

CVE-2025-22270

CVE-2025-22270 affects CyberArk Endpoint Privilege Manager (EPM) SaaS 24.7.1. An attacker with admin access to the Role Management UI can inject code by adding a new role in the name field. The risk is mitigated by an additional error that bypasses CSP, which prevents JavaScript execution but all...

PT-2025-9091 · Cyberark · Cyberark Endpoint Privilege Manager

Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager in SaaS version 24.7.1 Description: The issue concerns code injection in the "modalDlgMsgInternal" parameter via POST in the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, which is then...

PT-2025-9090 · Cyberark · Cyberark Endpoint Privilege Manager

Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager in SaaS version 24.7.1 Description: The issue allows IP address spoofing by providing a custom value in the X-Forwarded-For header, which compromises the action logging mechanism's accountability...

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One 2019 on-prem, SaaS version, which stems from forced browsing in Apex One, and can be exploited by an attacker to access the Apex One console to elevate privileges and...

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One 2019 on-prem, SaaS version, which stems from a permissions issue in the Apex One Data Loss Prevention Module registry, which can be exploited by an attacker to bypass...

Distribute Reports to Email Addresses in InsightVM

Rapid7 is investing heavily in the reporting and dashboard capabilities of InsightVM. In 2021 alone, we launched the ability to filter dashboards via single query, a new report creation wizard powered by our query builder, several use-case-driven dashboard templates, and most recently, the abilit...