VYPR
Vendor

Copeland

Products
3
CVEs
5
Across products
9
Status
Private

Products

3

Recent CVEs

5
  • CVE-2026-25109HigFeb 27, 2026
    risk 0.52cvss 8.0epss 0.02

    An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route.

  • CVE-2026-20910HigFeb 27, 2026
    risk 0.52cvss 8.0epss 0.01

    An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update action to achieve remote code…

  • CVE-2026-20797MedFeb 27, 2026
    risk 0.28cvss 4.3epss 0.01

    A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.

  • CVE-2026-21718Feb 27, 2026
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.

  • CVE-2026-25085Feb 27, 2026
    risk 0.00cvss epss 0.00

    A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.