CVE-2026-3120 RCE in Profelis Informatics' SambaBox

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

CVE-2026-3120

Affected product: SambaBox (Profelis Information and Consulting) – versions 5.1 up to 5.3 (exclusive). Issue: Improper control of code generation leading to OS command injection. This is a network-vector vulnerability with no user interaction, potentially enabling remote command execution; CVSSv3...

EUVD-2026-26945

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

EUVD-2022-30279

Malicious code in bioql PyPI...

EUVD-2025-13110

Malicious code in bioql PyPI...

CVE-2025-2488

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting XSS. This issue affects SambaBox: before 5.1...

CVE-2025-2421

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...

CVE-2025-2488 XSS in Profelis Informatics' SambaBox

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting XSS. This issue affects SambaBox: before 5.1...

CVE-2025-2488

CVE-2025-2488 affects SambaBox by Profelis Informatics. The vulnerability is an XSS due to improper neutralization of input during web page generation, impacting SambaBox versions before 5.1. Technical details across connected sources confirm the affected component (web page generation), root cau...

CVE-2025-2421 Remote Code Execution in Profelis Informatics' SambaBox

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...

CVE-2025-2421 Remote Code Execution in Profelis Informatics' SambaBox

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...

CVE-2022-25620

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 versio...

CVE-2022-25620

CVE-2022-25620 describes a stored XSS vulnerability in the Groups feature of Profelis IT Consultancy SambaBox, allowing an authenticated user to execute arbitrary code on the vulnerable server due to improper neutralization of script-related HTML tags. Affected: SambaBox 4.0 and earlier on x86. R...

Profelis IT Consultancy SambaBox 命令注入漏洞

Profelis IT Consultancy SambaBox is an enterprise directory solution from Profelis IT Consultancy. A security vulnerability exists in Profelis IT Consultancy SambaBox x86 4.0 and prior versions, which stems from the improper neutralization of a special element used in the command "command...