Filtered by vendor Sunbirddcim
Filtered by product Dctrack
Total: 6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-66237 | 1 Sunbirddcim | 2 Dctrack, Power Iq | 2025-12-05 | 6.7 Medium | DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host. |
| CVE-2025-66238 | 1 Sunbirddcim | 2 Dctrack, Power Iq | 2025-12-05 | 7.2 High | DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine. |
| CVE-2024-37776 | 1 Sunbirddcim | 1 Dctrack | 2025-06-20 | 4.8 Medium | A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens. |
| CVE-2024-37775 | 1 Sunbirddcim | 1 Dctrack | 2025-06-20 | 7.5 High | Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check. |
| CVE-2024-37774 | 1 Sunbirddcim | 1 Dctrack | 2025-06-20 | 8 High | A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens. |
| CVE-2024-37773 | 1 Sunbirddcim | 1 Dctrack | 2025-06-20 | 4.8 Medium | An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen. |