Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self...
9.8CVSS
9.6AI Score
0.002EPSS
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
9.8CVSS
9.4AI Score
0.002EPSS