VYPR
Vendor

Spinetix

Products
5
CVEs
5
Across products
8
Status
Private

Products

5

Recent CVEs

5
  • CVE-2020-36888Dec 10, 2025
    risk 0.00cvss epss 0.00

    SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing…

  • CVE-2020-36887Dec 10, 2025
    risk 0.00cvss epss 0.00

    SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system…

  • CVE-2020-36886Dec 10, 2025
    risk 0.00cvss epss 0.00

    SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new…

  • CVE-2020-36883Dec 10, 2025
    risk 0.00cvss epss 0.01

    SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to…

  • CVE-2020-15809Mar 24, 2021
    risk 0.00cvss epss 0.01

    spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.