VYPR
Vendor

Urve

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2020-29551CriDec 23, 2020
    risk 0.59cvss 9.1epss 0.03

    An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php,…

  • CVE-2022-2419HigJul 15, 2022
    risk 0.53cvss 8.0epss 0.13

    A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed.…

  • CVE-2022-2420HigJul 15, 2022
    risk 0.52cvss 8.0epss 0.01

    A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has…

  • CVE-2022-2418HigJul 15, 2022
    risk 0.52cvss 8.0epss 0.01

    A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been…

  • CVE-2020-29550HigDec 23, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in…

  • CVE-2025-10348MedOct 30, 2025
    risk 0.33cvss epss 0.00

    URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available…

  • CVE-2025-59939Sep 27, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply…