VYPR

GrandNode

by GrandNode

CVEs (2)

  • CVE-2019-12276HigJun 5, 2019
    risk 0.56cvss 7.5epss 0.54

    A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for…

  • CVE-2025-10216LowSep 10, 2025
    risk 0.17cvss 2.6epss 0.00

    A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched…