74 matches found
Eveo URVE Web Manager - Server-Side Request Forgery
Eveo URVE Web Manager 27.02.2025 contains a server-side request forgery caused by improper validation of URL input in /internal/redirect.php, letting attackers make requests to internal endpoints, exploit requires crafted URL input. id: CVE-2025-36845 info: name: Eveo URVE Web Manager - Server-Si...
CVE-2025-10348
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...
CVE-2025-10348 Stored Cross-Site Scripting in URVE Smart Office
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...
URVE Smart Office 跨站脚本漏洞
URVE Smart Office is a smart office resource management system from URVE Smart Office, Poland. A cross-site scripting vulnerability exists in URVE Smart Office versions prior to 1.1.24, which stems from the presence of stored cross-site scripting in the function reporting the issue, which could...
PT-2025-44401
Name of the Vulnerable Software and Affected Versions URVE Smart Office versions prior to 1.1.24 Description URVE Smart Office is susceptible to a Stored Cross-Site Scripting XSS issue within the report problem functionality. An attacker possessing a low-privileged account can upload a Scalable...
EUVD-2020-21917
Malware in sbrugna...
EUVD-2020-21918
Malware in sbrugna...
EUVD-2025-22139
Malicious code in bioql PyPI...
EUVD-2022-34683
Malicious code in bioql PyPI...
EUVD-2022-34681
Malicious code in bioql PyPI...
EUVD-2022-34682
Malicious code in bioql PyPI...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
PT-2025-30318 · Unknown · Eveo Urve Web Manager
Name of the Vulnerable Software and Affected Versions: Eveo URVE Web Manager version 27.02.2025 Description: The application exposes the / internal/pc/vpro.php endpoint to unauthenticated users, which is vulnerable to OS Command Injection. The endpoint accepts an input parameter that is directly...
EUVD-2025-22140
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
Eveo URVE Web Manager 安全漏洞
Eveo URVE Web Manager is a digital signage management platform from Eveo, Poland. A security vulnerability exists in Eveo URVE Web Manager version 27.02.2025, which originates in the endpoint /internal/pc/vpro.php allowing OS command injection...