VYPR
Vendor

AVE

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2020-21994CriApr 28, 2021
    risk 0.64cvss 9.8epss 0.04

    AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a…

  • CVE-2020-21991CriApr 28, 2021
    risk 0.64cvss 9.8epss 0.03

    AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the…

  • CVE-2020-21996HigApr 28, 2021
    risk 0.49cvss 7.5epss 0.04

    AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.

  • CVE-2019-25233MedDec 24, 2025
    risk 0.34cvss 5.3epss 0.00

    AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts…