VYPR

DynamicWeb

by DynamicWeb

CVEs (2)

  • CVE-2022-25369CriJan 23, 2026
    risk 0.70cvss 9.8epss 0.41

    An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new…

  • CVE-2026-2731CriFeb 19, 2026
    risk 0.65cvss epss 0.01

    Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests