VYPR
Vendor

KoreLogic

Products
4
CVEs
7
Across products
7
Status
Private

Products

4

Recent CVEs

7
  • CVE-2025-5099CriMay 23, 2025
    risk 0.64cvss 9.8epss 0.01

    An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.

  • CVE-2024-6891HigAug 8, 2024
    risk 0.57cvss 8.8epss 0.01

    Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.

  • CVE-2024-6707HigAug 7, 2024
    risk 0.57cvss 8.8epss 0.01

    Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.

  • CVE-2025-5100HigMay 23, 2025
    risk 0.52cvss 8.0epss 0.00

    A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.

  • CVE-2024-6893HigAug 8, 2024
    risk 0.51cvss 7.5epss 0.33

    The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.

  • CVE-2025-54766MedJul 29, 2025
    risk 0.35cvss 5.3epss 0.07

    An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.

  • CVE-2025-54765MedJul 29, 2025
    risk 0.35cvss 5.3epss 0.07

    An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the…