VYPR
Vendor

EasyVirt

Products
3
CVEs
9
Across products
16
Status
Private

Products

3

Recent CVEs

9
  • CVE-2024-55062CriJan 31, 2025
    risk 0.64cvss 9.8epss 0.01

    Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.

  • CVE-2024-53356CriJan 31, 2025
    risk 0.64cvss 9.8epss 0.01

    Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because…

  • CVE-2024-57587CriJan 31, 2025
    risk 0.59cvss 9.1epss 0.01

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login.

  • CVE-2024-55063HigMay 19, 2025
    risk 0.57cvss 8.8epss 0.01

    Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3) keyboard_variant parameter to…

  • CVE-2024-53355HigJan 31, 2025
    risk 0.57cvss 8.8epss 0.01

    Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealias route; (4) delete…

  • CVE-2024-53357HigJan 31, 2025
    risk 0.49cvss 7.5epss 0.00

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealiasroute; (4) delete…

  • CVE-2025-28076MedApr 25, 2025
    risk 0.42cvss 6.5epss 0.00

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12)…

  • CVE-2024-53354MedJan 31, 2025
    risk 0.42cvss 6.5epss 0.00

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter parameter to…

  • CVE-2024-55064MedMar 3, 2025
    risk 0.35cvss 5.4epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) smtp_password, or (4) email_recipients parameter to /smtp/update; the (5) ntp or…