Wellchoose
Products
4- 6 CVEs
- 3 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7619 | Hig | 0.57 | 8.8 | 0.03 | Jul 14, 2025 | BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution. | ||
| CVE-2026-3826 | 0.00 | — | 0.00 | Mar 11, 2026 | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. | |||
| CVE-2026-3825 | 0.00 | — | 0.00 | Mar 11, 2026 | IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | |||
| CVE-2026-3824 | 0.00 | — | 0.00 | Mar 11, 2026 | IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website. | |||
| CVE-2026-1429 | 0.00 | — | 0.00 | Jan 26, 2026 | Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | |||
| CVE-2026-1428 | 0.00 | — | 0.00 | Jan 26, 2026 | Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | |||
| CVE-2026-1427 | 0.00 | — | 0.00 | Jan 26, 2026 | Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | |||
| CVE-2025-8914 | 0.00 | — | 0.00 | Aug 13, 2025 | Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | |||
| CVE-2025-8913 | 0.00 | — | 0.01 | Aug 13, 2025 | Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. | |||
| CVE-2025-8912 | 0.00 | — | 0.00 | Aug 13, 2025 | Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | |||
| CVE-2025-8911 | 0.00 | — | 0.00 | Aug 13, 2025 | Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | |||
| CVE-2025-8910 | 0.00 | — | 0.00 | Aug 13, 2025 | Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | |||
| CVE-2025-8909 | 0.00 | — | 0.00 | Aug 13, 2025 | Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. |
- risk 0.57cvss 8.8epss 0.03
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution.
- CVE-2026-3826Mar 11, 2026risk 0.00cvss —epss 0.00
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
- CVE-2026-3825Mar 11, 2026risk 0.00cvss —epss 0.00
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
- CVE-2026-3824Mar 11, 2026risk 0.00cvss —epss 0.00
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website.
- CVE-2026-1429Jan 26, 2026risk 0.00cvss —epss 0.00
Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
- CVE-2026-1428Jan 26, 2026risk 0.00cvss —epss 0.00
Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
- CVE-2026-1427Jan 26, 2026risk 0.00cvss —epss 0.00
Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
- CVE-2025-8914Aug 13, 2025risk 0.00cvss —epss 0.00
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
- CVE-2025-8913Aug 13, 2025risk 0.00cvss —epss 0.01
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
- CVE-2025-8912Aug 13, 2025risk 0.00cvss —epss 0.00
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2025-8911Aug 13, 2025risk 0.00cvss —epss 0.00
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
- CVE-2025-8910Aug 13, 2025risk 0.00cvss —epss 0.00
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
- CVE-2025-8909Aug 13, 2025risk 0.00cvss —epss 0.00
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.