CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. A file upload vulnerability exists in Simopro Technology WinMatrix3, which stems from the application's lack of validation of...

8.6CVSS7.9AI score0.01217EPSS

Exploits0References1

CNVD•added 2025/07/25 12:0 a.m.•2 views

Simopro Technology WinMatrix3 SQL Injection Vulnerability (CNVD-2025-20307)

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that can be exploited by a remote attacker to read the...

7.1CVSS8AI score0.00145EPSS

Exploits0References1

CNVD•added 2025/07/25 12:0 a.m.•1 views

Simopro Technology WinMatrix3 SQL Injection Vulnerability

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that stems from the application's lack of validation o...

9.8CVSS8.1AI score0.00455EPSS

Exploits0References1

CNVD•added 2025/07/25 12:0 a.m.•2 views

Simopro Technology WinMatrix3 Deserialization Vulnerability

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a deserialization vulnerability that arises from unsafe deserialization of serialize...

9.8CVSS7.6AI score0.04657EPSS

Exploits0References1

RedhatCVE•added 2025/07/23 7:3 a.m.•3 views

CVE-2025-7920

WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

6.1CVSS7.5AI score0.00166EPSS

Exploits0References1

RedhatCVE•added 2025/07/23 7:3 a.m.•6 views

CVE-2025-7917

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS8.4AI score0.01217EPSS

Exploits0References1

RedhatCVE•added 2025/07/23 7:3 a.m.•6 views

CVE-2025-7918

WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8CVSS8.8AI score0.00455EPSS

Exploits0References1

RedhatCVE•added 2025/07/23 6:1 a.m.•2 views

CVE-2025-7916

WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized contents...

9.8CVSS8.5AI score0.04657EPSS

Exploits0References1

NVD•added 2025/07/21 7:15 a.m.•3 views

CVE-2025-7920

6.1CVSS0.00166EPSS

Exploits0References2

Vulnrichment•added 2025/07/21 6:59 a.m.•2 views

CVE-2025-7920 Simopro Technology｜WinMatrix3 Web package - Reflected Cross-Site Scripting

6.1CVSS6.9AI score0.00166EPSS

Exploits0References2

CVE•added 2025/07/21 6:59 a.m.•11 views

CVE-2025-7920

CVE-2025-7920 describes a reflected Cross-site Scripting vulnerability in the WinMatrix3 Web package from Simopro Technology. The issue arises from lack of proper filtering/escaping of user-supplied data, enabling unauthenticated attackers to induce a user to execute arbitrary JavaScript in the b...

6.1CVSS6.9AI score0.00166EPSS

Exploits0References2