Bluvoyix

5 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-22240 HIGH This Week

Bluvoyix stores user passwords in plaintext and exposes them through unauthenticated APIs, allowing remote attackers to retrieve credentials without authentication and gain administrative access to customer accounts. This high-severity vulnerability affects all users of the platform and could lead to complete compromise of customer data, with no patch currently available.

Information Disclosure Bluvoyix
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22239 MEDIUM This Month

BLUVOYIX's email sending API contains design flaws that permit unauthenticated attackers to send arbitrary emails on behalf of affected organizations through specially crafted HTTP requests. This integrity issue requires no user interaction and could enable large-scale spam or phishing campaigns originating from compromised systems. No patch is currently available for this vulnerability.

Aws Bluvoyix
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-22238 CRITICAL Act Now

BLUVOYIX admin APIs allow unauthenticated creation of admin users, enabling complete platform takeover.

Privilege Escalation Authentication Bypass Bluvoyix
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-22237 CRITICAL Act Now

BLUVOYIX exposes internal API documentation publicly, allowing attackers to discover and abuse internal functionality.

Information Disclosure Bluvoyix
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-22236 CRITICAL Act Now

BLUVOYIX platform has unauthenticated API access allowing full customer data extraction and platform compromise.

Authentication Bypass Bluvoyix
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-22240
EPSS 0% CVSS 7.5
HIGH This Week

Bluvoyix stores user passwords in plaintext and exposes them through unauthenticated APIs, allowing remote attackers to retrieve credentials without authentication and gain administrative access to customer accounts. This high-severity vulnerability affects all users of the platform and could lead to complete compromise of customer data, with no patch currently available.

Information Disclosure Bluvoyix
NVD
CVE-2026-22239
EPSS 0% CVSS 5.3
MEDIUM This Month

BLUVOYIX's email sending API contains design flaws that permit unauthenticated attackers to send arbitrary emails on behalf of affected organizations through specially crafted HTTP requests. This integrity issue requires no user interaction and could enable large-scale spam or phishing campaigns originating from compromised systems. No patch is currently available for this vulnerability.

Aws Bluvoyix
NVD
CVE-2026-22238
EPSS 0% CVSS 9.8
CRITICAL Act Now

BLUVOYIX admin APIs allow unauthenticated creation of admin users, enabling complete platform takeover.

Privilege Escalation Authentication Bypass Bluvoyix
NVD
CVE-2026-22237
EPSS 1% CVSS 9.8
CRITICAL Act Now

BLUVOYIX exposes internal API documentation publicly, allowing attackers to discover and abuse internal functionality.

Information Disclosure Bluvoyix
NVD
CVE-2026-22236
EPSS 0% CVSS 9.8
CRITICAL Act Now

BLUVOYIX platform has unauthenticated API access allowing full customer data extraction and platform compromise.

Authentication Bypass Bluvoyix
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy