
20 matches found

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-5959

Malicious code in bioql PyPI...

CVSS 7.3 · AI score 6.3 · EPSS 0.00594
Exploits 0 · References 6
RedhatCVE
added 2025/03/02 1:26 p.m. · 10 views

CVE-2025-22271

The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...

CVSS 6.9 · AI score 6.3 · EPSS 0.00397
Exploits 0 · References 1
NVD
added 2025/02/28 1:15 p.m. · 7 views

CVE-2025-22273

Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...

CVSS 9.3 · EPSS 0.00574
Exploits 0 · References 3
Cvelist
added 2025/02/28 12:34 p.m. · 13 views

CVE-2025-22274 HTML injection in CyberArk Endpoint Privilege Manager

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...

CVSS 2 · EPSS 0.00437
Exploits 0 · References 3
Vulnrichment
added 2025/02/28 12:34 p.m. · 5 views

CVE-2025-22274 HTML injection in CyberArk Endpoint Privilege Manager

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not...

CVSS 2 · AI score 6.6 · EPSS 0.00437
Exploits 0 · References 3
Cvelist
added 2025/02/28 12:33 p.m. · 14 views

CVE-2025-22272 Self Reflected XSS in CyberArk Endpoint Privilege Manager

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...

CVSS 2.1 · EPSS 0.0042
Exploits 0 · References 3
CVE
added 2025/02/28 12:33 p.m. · 73 views

CVE-2025-22272

CVE-2025-22272 affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. In the /EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg endpoint, the POST parameter modalDlgMsgInternal can be used to inject code that is executed in the browser; exploitation risk is mitigated by the need to by...

CVSS 2.1 · AI score 6.7 · EPSS 0.0042
Exploits 0 · References 3
Vulnrichment
added 2025/02/28 12:32 p.m. · 8 views

CVE-2025-22271 IP Spoofing in CyberArk Endpoint Privilege Manager

The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...

CVSS 6.9 · AI score 6.5 · EPSS 0.00397
Exploits 0 · References 3
CVE
added 2025/02/28 12:32 p.m. · 2132 views

CVE-2025-22270

CVE-2025-22270 affects CyberArk Endpoint Privilege Manager (EPM) SaaS 24.7.1. An attacker with admin access to the Role Management UI can inject code by adding a new role in the name field. The risk is mitigated by an additional error that bypasses CSP, which prevents JavaScript execution but all...

CVSS 7.3 · AI score 6.8 · EPSS 0.00594
Exploits 0 · References 3
CNNVD
added 2025/02/28 12:0 a.m. · 4 views

CyberArk Endpoint Privilege Manager security vulnerability

CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...

CVSS 7.3 · AI score 6.5 · EPSS 0.00594
Exploits 0 · References 4
CNNVD
added 2025/02/28 12:0 a.m. · 2 views

CyberArk Endpoint Privilege Manager security vulnerability

CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...

CVSS 7.3 · AI score 6.8 · EPSS 0.00594
Exploits 0 · References 4
CNNVD
added 2025/02/28 12:0 a.m. · 2 views

CyberArk Endpoint Privilege Manager security vulnerability

CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...

CVSS 7.3 · AI score 6.8 · EPSS 0.00594
Exploits 0 · References 4
CNNVD
added 2025/02/28 12:0 a.m. · 2 views

CyberArk Endpoint Privilege Manager security vulnerability

CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...

CVSS 7.3 · AI score 6.7 · EPSS 0.00594
Exploits 0 · References 4
Positive Technologies
added 2025/02/28 12:0 a.m. · 2 views

PT-2025-9091 · Cyberark · Cyberark Endpoint Privilege Manager

Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager in SaaS version 24.7.1 Description: The issue concerns code injection in the "modalDlgMsgInternal" parameter via POST in the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, which is then...

CVSS 7.3 · AI score 6.9 · EPSS 0.00594
Exploits 0 · References 8
CVE
added 2024/07/23 9:30 p.m. · 66 views

CVE-2024-41656

Sentry vulnerability CVE-2024-41656 affects self-hosted Sentry versions 10.0.0 to before 24.7.1, where an unsanitized payload from an Integration platform could store arbitrary HTML that is later rendered on the Issues page. The issue is mitigated for Sentry SaaS (already patched) and on sentry.i...

CVSS 7.1 · AI score 6.7 · EPSS 0.00441
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/07/23 9:30 p.m. · 17 views

CVE-2024-41656 Sentry vulnerable to stored Cross-Site Scripting (XSS)

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...

CVSS 7.1 · EPSS 0.00441
Exploits 0 · References 4
Prion
added 2023/11/16 3:15 p.m. · 17 views

Cross site scripting

Adobe Photoshop versions 24.7.1 and earlier and 25.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 4.4 · AI score 7.5 · EPSS 0.00317
Exploits 0 · References 1 · Affected Software 1
NCSC
added 2023/11/16 12:0 a.m. · 7 views

Vulnerabilities fixed in Adobe Photoshop

Adobe has fixed vulnerabilities in Photoshop. A malicious person can exploit the vulnerabilities to execute arbitrary code with privileges of the victim and to gain access to sensitive data in the victim's context. Successful exploitation requires the malicious party to trick the victim into...

CVSS 7.8 · AI score 7.6 · EPSS 0.00328
Exploits 0
Positive Technologies
added 2023/11/16 12:0 a.m. · 2 views

PT-2023-7138 · Adobe · Photoshop

Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 24.7.1 and earlier Adobe Photoshop versions 25.0 and earlier Description: The issue is related to an out-of-bounds read in memory, which could allow an attacker to bypass the Address Space Layout Randomization ASLR...

CVSS 5.5 · AI score 5.1 · EPSS 0.00328
Exploits 0 · References 3
Positive Technologies
added 2023/11/16 12:0 a.m. · 3 views

PT-2023-7139 · Adobe · Photoshop

Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 24.7.1 and earlier Adobe Photoshop versions 25.0 and earlier Description: The issue is related to an out-of-bounds read in memory, which could allow an attacker to bypass the Address Space Layout Randomization ASLR...

CVSS 5.5 · AI score 5.1 · EPSS 0.00328
Exploits 0 · References 3