Skip to main content

Vince

7 CVEs product

Monthly

CVE-2026-8142 MEDIUM This Month

VINCE versions 3.0.38 and earlier fail to properly verify sender address authenticity due to encoding confusion, allowing unauthenticated remote attackers to forge email From addresses and trigger automated actions such as ticket creation or updates. The vulnerability combines information disclosure with integrity impact, affecting the reliability of ticket management workflows that depend on sender validation.

Information Disclosure Vince
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-10469 MEDIUM This Month

VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Vince
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-9953 MEDIUM PATCH This Month

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python Vince
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-40238 HIGH This Week

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Vince
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-40257 MEDIUM This Month

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Vince
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40248 MEDIUM This Month

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Vince
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-25799 MEDIUM POC This Month

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Vince
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM This Month

VINCE versions 3.0.38 and earlier fail to properly verify sender address authenticity due to encoding confusion, allowing unauthenticated remote attackers to forge email From addresses and trigger automated actions such as ticket creation or updates. The vulnerability combines information disclosure with integrity impact, affecting the reliability of ticket management workflows that depend on sender validation.

Information Disclosure Vince
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Vince
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python Vince
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Vince
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Vince
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Vince
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Vince
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy