This page aggregates publicly disclosed CVE and security risk information related to stvs, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-47724 | STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd. | [email protected] | 7.1 | 0.13% | 2025-12-09 | 2026-02-13 |
| CVE-2021-47723 | STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users. | [email protected] | 6.9 | 0.02% | 2025-12-09 | 2026-02-17 |