CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.4 and CO2Scope = 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the 1 timeago, 2 user, 3 filter, 4 target, 5 p1, 6 p2, 7 p3, 8 p4, 9 p5, 10 p6, 11 p7, 12 p8, 13 p9, 14 p10, 15 p11, 16 p12, 17 p13, ...

6.5CVSS8.6AI score0.00122EPSS

Exploits0References1

NVD•added 2025/04/25 3:15 p.m.•8 views

CVE-2025-28076

6.5CVSS0.00122EPSS

Exploits0References2

Vulnrichment•added 2025/04/25 12:0 a.m.•7 views

CVE-2025-28076

8.2AI score0.00122EPSS

Exploits0References2

CVE•added 2025/04/25 12:0 a.m.•45 views

CVE-2025-28076

CVE-2025-28076 describes multiple SQL injection vulnerabilities in EasyVirt DCScope prior to or at 8.6.4 and EasyVirt CO2Scope prior to or at 1.3.4. The root cause is unsafely handled user-supplied parameters across API endpoints, allowing remote authenticated attackers to execute arbitrary SQL c...

6.5CVSS8.2AI score0.00122EPSS

Exploits0References2

Cvelist•added 2025/04/25 12:0 a.m.•11 views

CVE-2025-28076

0.00122EPSS

Exploits0References2

Positive Technologies•added 2025/04/25 12:0 a.m.•4 views

PT-2025-17907 · Easyvirt · Easyvirt Co2Scope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.4 and earlier EasyVirt CO2Scope versions 1.3.4 and earlier Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to specific A...

6.5CVSS7.2AI score0.00122EPSS

Exploits0References4

RedhatCVE•added 2025/02/11 10:28 p.m.•4 views

CVE-2024-55062

Code Injection vulnerability in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/...

9.8CVSS8.4AI score0.04957EPSS

Exploits1References1

RedhatCVE•added 2025/02/10 11:23 p.m.•6 views

CVE-2024-53357

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote authenticated attackers, with low privileges, to 1 add an admin user via the /api/user/addalias route; 2 modifiy a user via the /api/user/updatealiasroute; 4 delete users via the /api/user/delali...

7.5CVSS7.7AI score0.00149EPSS

Exploits1References1

RedhatCVE•added 2025/02/08 4:50 a.m.•7 views

CVE-2024-57587

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to /api/auth/login...

9.1CVSS9.1AI score0.00301EPSS

Exploits1References1

RedhatCVE•added 2025/02/08 4:50 a.m.•5 views

CVE-2024-53355

Multiple incorrect access control issues in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote authenticated attackers, with low privileges, to 1 add an admin user via the /api/user/addalias route; 2 modifiy a user via the /api/user/updatealias route; 4 delete users via the...

8.8CVSS6.6AI score0.00929EPSS

Exploits1References1

RedhatCVE•added 2025/02/08 4:50 a.m.•4 views

CVE-2024-53356

Weak JWT Secret vulnerabilitiy in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the...

9.8CVSS6.8AI score0.00909EPSS

Exploits1References1

OSV•added 2025/01/31 10:15 p.m.•2 views

CVE-2024-57587

9.1CVSS6.1AI score0.00301EPSS

Exploits1References1

NVD•added 2025/01/31 10:15 p.m.•8 views

CVE-2024-57587

9.1CVSS0.00301EPSS

Exploits1References1

NVD•added 2025/01/31 10:15 p.m.•8 views

CVE-2024-55062

Code Injection vulnerability in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/...

9.8CVSS0.04957EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by