VYPR

Vaelsys

by Vaelsys

CVEs (4)

  • CVE-2025-8259HigJul 28, 2025
    risk 0.48cvss 7.3epss 0.03

    A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function execute_DataObjectProc of the file /grid/vgrid_server.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The…

  • CVE-2026-2952HigFeb 22, 2026
    risk 0.47cvss 7.3epss 0.05

    A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out…

  • CVE-2025-8261HigJul 28, 2025
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The…

  • CVE-2025-8260LowJul 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to…