75 matches found
EUVD-2015-6456
Malware in sbrugna...
EUVD-2017-15067
Malware in sbrugna...
EUVD-2017-18241
Malware in sbrugna...
EUVD-2017-1471
Malware in sbrugna...
EUVD-2025-5921
Malicious code in bioql PyPI...
EUVD-2025-5488
Malicious code in bioql PyPI...
EUVD-2022-52184
Malicious code in bioql PyPI...
CVE-2024-42904
A cross-site scripting XSS vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...
CVE-2022-4930
A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to...
CVE-2017-1000192
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
CVE-2025-25476
A stored cross-site scripting XSS vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component...
CVE-2025-25477
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...
CVE-2025-25478
The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password...
CVE-2025-25476
A stored cross-site scripting XSS vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component...
CVE-2025-25476
A stored cross-site scripting XSS vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component...
CVE-2025-25478
The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password...
CVE-2025-25477
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...
CVE-2025-25477
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...
CVE-2025-25478
The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password...
PT-2025-9140 · Syspass · Syspass
Name of the Vulnerable Software and Affected Versions: Syspass versions 3.2.x Description: The account file upload functionality in Syspass fails to properly handle special characters in filenames, leading to the disclosure of the web application's source code and exposing sensitive information...