21 matches found
EUVD-2025-10903
Malicious code in bioql PyPI...
EUVD-2025-10902
Malicious code in bioql PyPI...
EUVD-2025-10907
Malicious code in bioql PyPI...
CVE-2025-22372
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14...
CVE-2025-22371
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 De...
SicommNet multiple vulnerabilities
RISK EVALUATION SicommNET BASEC is an online eProcurement solution used by governments and other entities. Multiple vulnerabilities have been found in BASEC. These vulnerabilities allow a remote, unauthenticated attacker to gain administrative privileges, read user passwords, and obtain...
CVE-2025-22372
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14...
CVE-2025-22373
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alteration of CSS Styles. This issue affects BASEC: from 14 Dec 2021...
CVE-2025-22371
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 De...
CVE-2025-22371
CVE-2025-22371 affects SicommNet BASEC (SaaS) login page. A SQL Injection flaw in the authentication flow allows an unauthenticated remote attacker to bypass login and execute arbitrary SQL commands. The vulnerability is described as present at least since 14 Dec 2021 and likely earlier. Accordin...
CVE-2025-22373 XSS, HTML and Style injection on login page
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alteration of CSS Styles. This issue affects BASEC: from 14 Dec 2021...
CVE-2025-22373
CVE-2025-22373 targets SicommNet BASEC (SaaS) and centers on Improper Neutralization of Input During Web Page Generation, i.e., a Reflected XSS vulnerability that can be triggered via input and HTTP query strings to render arbitrary HTML and alter CSS styles. Affected component is BASEC on SaaS, ...
CVE-2025-22373 XSS, HTML and Style injection on login page
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alteration of CSS Styles. This issue affects BASEC: from 14 Dec 2021...
CVE-2025-22371 SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 De...
CVE-2025-22372 Insecure password storage in SicommNet BASEC
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14...
CVE-2025-22371 SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 De...
CVE-2025-22372 Insecure password storage in SicommNet BASEC
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14...
PT-2025-16253 · Unknown · Sicommnet Basec
Name of the Vulnerable Software and Affected Versions: SicommNet BASEC SaaS Service versions prior to the fixed version, which is not specified. Description: The issue is related to an SQL Injection vulnerability in the login page of SicommNet BASEC, allowing an unauthenticated remote attacker to...
PT-2025-16255 · Unknown · Sicommnet Basec
Name of the Vulnerable Software and Affected Versions: SicommNet BASEC versions from 14 Dec 2021 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS, XSS Through HTTP Query Strings,...
SicommNet BASEC Security Vulnerability
SicommNet BASEC is an agent solution from SicommNet, Inc. A security vulnerability exists in SicommNet BASEC that stems from insufficient credential protection and could lead to password recovery attacks...