Skip to main content

Iuclid

3 CVEs product

Monthly

CVE-2024-0770 HIGH POC This Week

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Iuclid
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-26546 HIGH This Week

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Iuclid
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-26089 CRITICAL Act Now

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iuclid
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 0% CVSS 7.1
HIGH POC This Week

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Iuclid
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Iuclid
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iuclid
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy