74 matches found
Eveo URVE Web Manager - Server-Side Request Forgery
Eveo URVE Web Manager 27.02.2025 contains a server-side request forgery caused by improper validation of URL input in /internal/redirect.php, letting attackers make requests to internal endpoints. Exploitation requires crafted URL input. id: CVE-2025-36845 info: name: Eveo URVE Web Manager - Server-Si...
CVE-2025-10348
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...
CVE-2025-10348 Stored Cross-Site Scripting in URVE Smart Office
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...
URVE Smart Office Cross-Site Scripting Vulnerability
URVE Smart Office is a smart office resource management system from URVE Smart Office, Poland. A cross-site scripting vulnerability exists in URVE Smart Office versions prior to 1.1.24, which stems from the presence of stored cross-site scripting in the function reporting the issue, which could...
PT-2025-44401
Name of the Vulnerable Software and Affected Versions: URVE Smart Office versions prior to 1.1.24. Description: URVE Smart Office is susceptible to a Stored Cross-Site Scripting (XSS) issue within the report problem functionality. An attacker possessing a low-privileged account can upload a Scalable...
EUVD-2020-21917
Malware in sbrugna...
EUVD-2020-21918
Malware in sbrugna...
EUVD-2022-34681
Malicious code in bioql PyPI...
EUVD-2022-34683
Malicious code in bioql PyPI...
EUVD-2022-34682
Malicious code in bioql PyPI...
EUVD-2025-22139
Malicious code in bioql PyPI...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shell_exec function of PHP...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shell_exec function of PHP...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
EUVD-2025-22140
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shell_exec function of PHP...
PT-2025-30326
Name of the Vulnerable Software and Affected Versions: Eveo URVE Web Manager version 27.02.2025. Description: An issue exists in Eveo URVE Web Manager that allows for Server-Side Request Forgery (SSRF). The /internal/redirect.php endpoint accepts a URL as input, sends a request to this address, and...
CVE-2025-36846
CVE-2025-36846 affects Eveo URVE Web Manager 27.02.2025. The issue is an OS Command Injection in the /_internal/pc/vpro.php endpoint, where an input parameter is passed directly to PHP shell_exec(), enabling arbitrary command execution. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no p...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...