VYPR
Get started
← All vendors
Vendor

Coolercontrol

Sign in to watch
Products
2
CVEs
7
Across products
7
Status
Private

Products

2

Recent CVEs

7
CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2026-5208Hig0.538.20.00Apr 8, 2026Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names
CVE-2026-5301Hig0.497.60.00Apr 8, 2026Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries
CVE-2026-5302Med0.416.30.00Apr 8, 2026CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites
CVE-2026-5300Med0.385.90.00Apr 8, 2026Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests
CVE-2022-484750.000.01Sep 12, 2023Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to accept or delete the print query created by the request.
CVE-2022-484740.000.02Sep 12, 2023Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if an unrecognized component is up to date, causing a memory failure error that shuts down the process.
CVE-2022-48960.000.01Sep 12, 2023Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core.