37 matches found
EUVD-2022-34683
Malicious code in bioql PyPI...
EUVD-2022-34681
Malicious code in bioql PyPI...
EUVD-2025-22139
Malicious code in bioql PyPI...
EUVD-2022-34682
Malicious code in bioql PyPI...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
CVE-2025-36846
CVE-2025-36846 affects Eveo URVE Web Manager 27.02.2025. The issue is an OS Command Injection in the /_internal/pc/vpro.php endpoint, where an input parameter is passed directly to PHP shell_exec(), enabling arbitrary command execution. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no p...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
EUVD-2025-22140
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...
Eveo URVE Web Manager 安全漏洞
Eveo URVE Web Manager is a digital signage management platform from Eveo, Poland. A security vulnerability exists in Eveo URVE Web Manager version 27.02.2025, which originates from the endpoint /internal/redirect.php that allows server-side request forgery...
CVE-2025-36845
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...
PT-2025-30318 · Unknown · Eveo Urve Web Manager
Name of the Vulnerable Software and Affected Versions: Eveo URVE Web Manager version 27.02.2025 Description: The application exposes the / internal/pc/vpro.php endpoint to unauthenticated users, which is vulnerable to OS Command Injection. The endpoint accepts an input parameter that is directly...
PT-2025-30326
Name of the Vulnerable Software and Affected Versions Eveo URVE Web Manager version 27.02.2025 Description An issue exists in Eveo URVE Web Manager that allows for Server-Side Request Forgery SSRF. The / internal/redirect.php endpoint accepts a URL as input, sends a request to this address, and...
CVE-2025-36845
CVE-2025-36845 affects Eveo URVE Web Manager 27.02.2025. A server-side request forgery exists in /_internal/redirect.php due to improper validation of the URL input, enabling the app server to request internal endpoints and reflect content in the response. The Nuclei template confirms the SSRF pa...
CVE-2022-2418
A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/imgupload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been disclosed to the...
CVE-2022-2420
A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has been disclosed to...
CVE-2022-2419
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has be...
CVE-2022-2419
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has be...