EUVD-2025-25378

Malicious code in bioql PyPI...

FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation

Overview Synapse Mobility provided by FUJIFILM Healthcare Americas Corporation is vulnerable to privilege escalation. Privilege escalation vulnerability through external control of Web parameter CWE-472 - CVE-2025-54551 Christopher Alejandro Moroco reported this vulnerability to CISA ICS...

CVE-2025-54551

CVE-2025-54551 affects Fujifilm Synapse Mobility (Synapse Mobility) versions 8.0–8.1.1. The root cause is privilege escalation via external control of Web parameters (CWE-472), allowing a user to bypass RBAC and access data beyond their permissions by altering search parameters. Public sources (N...

External Control of Assumed-Immutable Web Parameter

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to missing sanitization of the return URL requested by the client. This allows an attacker to introduce arbitrary values to a known loc...

Siemens Desigo PX Devices

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : Desigo PX Devices Vulnerability : External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...