Skip to main content

Omicard Edm

10 CVEs product

Monthly

CVE-2026-10597 MEDIUM This Month

Insecure Direct Object Reference in ITPison's OMICARD EDM (an email marketing platform) enables unauthenticated remote attackers to manipulate a specific request parameter to retrieve arbitrary users' email addresses without authorization. The CVSS vector AV:N/AC:L/PR:N/UI:N confirms fully remote, zero-authentication exploitation requiring no user interaction, though impact is bounded to low-level confidentiality loss with no integrity or availability consequence. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass Omicard Edm
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2023-48373 HIGH This Week

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-48372 CRITICAL Act Now

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48371 CRITICAL Act Now

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32753 CRITICAL Act Now

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28700 MEDIUM This Month

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-35216 HIGH This Week

OMICARD EDM’s mail image relay function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-32965 CRITICAL Act Now

OMICARD EDM has a hard-coded machine key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32964 CRITICAL Act Now

OMICARD EDM’s API function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32963 HIGH This Week

OMICARD EDM’s mail file relay function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD
CVSS 3.1
7.5
EPSS
1.2%
EPSS 0% CVSS 6.9
MEDIUM This Month

Insecure Direct Object Reference in ITPison's OMICARD EDM (an email marketing platform) enables unauthenticated remote attackers to manipulate a specific request parameter to retrieve arbitrary users' email addresses without authorization. The CVSS vector AV:N/AC:L/PR:N/UI:N confirms fully remote, zero-authentication exploitation requiring no user interaction, though impact is bounded to low-level confidentiality loss with no integrity or availability consequence. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass Omicard Edm
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omicard Edm
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
EPSS 1% CVSS 7.5
HIGH This Week

OMICARD EDM’s mail image relay function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

OMICARD EDM has a hard-coded machine key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Omicard Edm
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

OMICARD EDM’s API function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omicard Edm
NVD
EPSS 1% CVSS 7.5
HIGH This Week

OMICARD EDM’s mail file relay function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy