A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
https://www.securityweek.com/cisa-warns-of-ivanti-epm-vulnerability-exploitation/
https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html
https://www.darkreading.com/cyber-risk/xe-group-shifts-card-skimming-supply-chain-attacks
https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html