Lucene search
K

37 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-34682

Malicious code in bioql PyPI...

8CVSS7.8AI score0.12792EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-34681

Malicious code in bioql PyPI...

8CVSS7.8AI score0.01069EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22139

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.0158EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-34683

Malicious code in bioql PyPI...

8CVSS7.8AI score0.01047EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/07/23 12:57 a.m.8 views

CVE-2025-36846

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

9.8CVSS7.3AI score0.04732EPSS
Exploits2References1
NVD
NVD
added 2025/07/21 6:15 p.m.6 views

CVE-2025-36846

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

9.8CVSS0.04732EPSS
Exploits1References2
NVD
NVD
added 2025/07/21 6:15 p.m.5 views

CVE-2025-36845

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...

8.6CVSS0.0158EPSS
Exploits1References2
CVE
CVE
added 2025/07/21 12:0 a.m.31 views

CVE-2025-36846

CVE-2025-36846 affects Eveo URVE Web Manager 27.02.2025. The issue is an OS Command Injection in the /_internal/pc/vpro.php endpoint, where an input parameter is passed directly to PHP shell_exec(), enabling arbitrary command execution. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no p...

9.8CVSS7.2AI score0.04732EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/07/21 12:0 a.m.9 views

CVE-2025-36846

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

0.04732EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/21 12:0 a.m.4 views

CVE-2025-36846

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

6.8AI score0.04732EPSS
Exploits1References2
EUVD
EUVD
added 2025/07/21 12:0 a.m.7 views

EUVD-2025-22140

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

9.8CVSS6.3AI score0.04732EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.3 views

Eveo URVE Web Manager 安全漏洞

Eveo URVE Web Manager is a digital signage management platform from Eveo, Poland. A security vulnerability exists in Eveo URVE Web Manager version 27.02.2025, which originates from the endpoint /internal/redirect.php that allows server-side request forgery...

8.6CVSS6.5AI score0.0158EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/07/21 12:0 a.m.2 views

CVE-2025-36845

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...

6.7AI score0.0158EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.7 views

PT-2025-30318 · Unknown · Eveo Urve Web Manager

Name of the Vulnerable Software and Affected Versions: Eveo URVE Web Manager version 27.02.2025 Description: The application exposes the / internal/pc/vpro.php endpoint to unauthenticated users, which is vulnerable to OS Command Injection. The endpoint accepts an input parameter that is directly...

9.8CVSS6.3AI score0.04732EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.6 views

PT-2025-30326

Name of the Vulnerable Software and Affected Versions Eveo URVE Web Manager version 27.02.2025 Description An issue exists in Eveo URVE Web Manager that allows for Server-Side Request Forgery SSRF. The / internal/redirect.php endpoint accepts a URL as input, sends a request to this address, and...

8.6CVSS6.4AI score0.0158EPSS
Exploits1References10
CVE
CVE
added 2025/07/21 12:0 a.m.27 views

CVE-2025-36845

CVE-2025-36845 affects Eveo URVE Web Manager 27.02.2025. A server-side request forgery exists in /_internal/redirect.php due to improper validation of the URL input, enabling the app server to request internal endpoints and reflect content in the response. The Nuclei template confirms the SSRF pa...

8.6CVSS7.1AI score0.0158EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 9:27 p.m.9 views

CVE-2022-2418

A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/imgupload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been disclosed to the...

8CVSS6.7AI score0.01069EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:23 p.m.8 views

CVE-2022-2420

A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has been disclosed to...

8CVSS6.6AI score0.01047EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:21 p.m.6 views

CVE-2022-2419

A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has be...

8CVSS6.9AI score0.12792EPSS
Exploits1References1
NVD
NVD
added 2022/07/15 6:15 a.m.18 views

CVE-2022-2419

A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has be...

8CVSS0.12792EPSS
Exploits1References2
Rows per page
Query Builder