VYPR
Vendor

INCIBE

Products
6
CVEs
10
Across products
10
Status
Private

Products

6

Recent CVEs

10
  • CVE-2025-1871CriMar 3, 2025
    risk 0.64cvss 9.8epss 0.00

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php.

  • CVE-2025-41343HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.

  • CVE-2025-41337HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.

  • CVE-2025-41336HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'.

  • CVE-2025-41114HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'.

  • CVE-2025-41113HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.

  • CVE-2025-41112HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'.

  • CVE-2024-4599HigMay 7, 2024
    risk 0.49cvss 7.5epss 0.01

    Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.

  • CVE-2024-1345MedFeb 19, 2024
    risk 0.44cvss 6.8epss 0.00

    Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.

  • CVE-2025-41376MedAug 1, 2025
    risk 0.34cvss 5.3epss 0.01

    CRLF Injection vulnerability in Limesurvey v2.65.1+170522.  This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid//token/fwyfw%0d%0aCookie:%20POC'.