Urve
Products
3- 4 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-29551 | Cri | 0.59 | 9.1 | 0.03 | Dec 23, 2020 | An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php,… | ||
| CVE-2022-2419 | Hig | 0.53 | 8.0 | 0.13 | Jul 15, 2022 | A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed.… | ||
| CVE-2022-2420 | Hig | 0.52 | 8.0 | 0.01 | Jul 15, 2022 | A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has… | ||
| CVE-2022-2418 | Hig | 0.52 | 8.0 | 0.01 | Jul 15, 2022 | A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been… | ||
| CVE-2020-29550 | Hig | 0.49 | 7.5 | 0.01 | Dec 23, 2020 | An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in… | ||
| CVE-2025-10348 | Med | 0.33 | — | 0.00 | Oct 30, 2025 | URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available… | ||
| CVE-2025-59939 | 0.00 | — | 0.00 | Sep 27, 2025 | WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply… |
- risk 0.59cvss 9.1epss 0.03
An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php,…
- risk 0.53cvss 8.0epss 0.13
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed.…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in…
- risk 0.33cvss —epss 0.00
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available…
- CVE-2025-59939Sep 27, 2025risk 0.00cvss —epss 0.00
WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply…