This page aggregates publicly disclosed CVE and security risk information related to ureport2_project, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-50090 | Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. | [email protected] | 9.8 | 0.77% | 2024-01-03 | 2026-06-17 |
| CVE-2022-25767 | All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets. | [email protected] | 9.8 | 2.91% | 2022-05-01 | 2026-06-17 |