371 matches found
EUVD-2024-46527
Malicious code in bioql PyPI...
EUVD-2022-3709
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-29668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie...
CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...
CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...
CVE-2025-6438
Schneider Electric EcoStruxure IT Data Center Expert (prior to 9.0; affected versions 8.3 and earlier) is affected by CVE-2025-6438: XML External Entity (XXE) injection via the DataExchange SOAP route, enabling unauthenticated or low-privilege exploitation to read local files and potentially caus...
CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...
CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...
PT-2025-29222 · Schneider Electric · Ecostruxure Data Center Expert
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: An improper restriction of XML external entity reference issue exists, potentially allowing manipulation of SOAP API calls and XML external entities injection...
Vulnerabilities fixed in Schneider Electric EcoStruxture IT Datacenter Expert
Schneider Electric has fixed vulnerabilities in EcoStruxture IT Datacenter Expert. The vulnerabilities include insufficient control over special elements in OS commands, which can result in unauthenticated external code execution. In addition, there is an issue with insufficient entropy in passwo...
CVE-2023-47032
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function...
CVE-2023-47298
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses...
CVE-2023-47031
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component...
CVE-2023-47030
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists...
CVE-2023-47030
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists...
CVE-2023-47031
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component...
CVE-2023-47032
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function...
CVE-2023-47298
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses...
CVE-2023-47298
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses...
CVE-2023-47298
CVE-2023-47298 affects NCR Terminal Handler 1.5.1. The issue is broken access control on the SOAP API endpoint, allowing a low-privilege authenticated user to query and obtain information about all application users, including usernames, roles, security groups, and account statuses. Public refere...