CVE-2024-57587

The CVE-2024-57587 issue affects EasyVirt DCScope (<= 8.6.0) and EasyVirt CO2Scope (

CVE-2024-53357

Summary of CVE-2024-53357 : The affected products are EasyVirt DCScope (<= 8.6.0) and EasyVirt CO2Scope (

CVE-2024-55062

CVE-2024-55062 affects EasyVirt DCScope and EasyVirt CO2Scope. The vulnerability is a code injection flaw in the vulnerable API endpoint /api/license/sendlicense/, allowing remote unauthenticated attackers to execute arbitrary code. Reported versions: DCScope ≤ 8.6.0 and CO2Scope ≤ 1.3.0. The ava...

PT-2025-2958 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to different...

PT-2025-2960 · Easyvirt · Easyvirt Dcscope

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier CO2Scope versions 1.3.0 and earlier Description: The issue allows remote attackers to generate JSON Web Tokens JWTs for privilege escalation due to a weak JWT secret. The HMAC secret used for...

PT-2025-2959 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote authenticated attackers with low privileges to perform various unauthorized actions. This includes adding an admin...

PT-2025-3092 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote unauthenticated attackers to execute arbitrary code. This can be done through the /api/license/sendlicense/ API...

PT-2025-3478 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote unauthenticated attackers to execute arbitrary SQL commands. This can be achieved via the username or password...

CVE-2024-53356

Weak JWT Secret vulnerabilitiy in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the...

CVE-2024-53355

Multiple incorrect access control issues in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote authenticated attackers, with low privileges, to 1 add an admin user via the /api/user/addalias route; 2 modifiy a user via the /api/user/updatealias route; 4 delete users via the...