Sick Baggage_analytics
13 CVEs affecting Sick Baggage_analytics. Latest disclosed: 2025-10-06. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-49184 | High | 7.5 | 2025-06-12 | A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product. |
| CVE-2025-58591 | Medium | 6.5 | 2025-10-06 | A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gath… |
| CVE-2025-58590 | Medium | 6.5 | 2025-10-06 | It's possible to brute force folders and files, which can be used by an attacker to steal sensitive information. |
| CVE-2025-58587 | Medium | 6.5 | 2025-10-06 | The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an… |
| CVE-2025-58586 | Medium | 5.3 | 2025-10-06 | For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existin… |
| CVE-2025-58585 | Medium | 5.3 | 2025-10-06 | Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering. |
| CVE-2025-58584 | Medium | 5.3 | 2025-10-06 | In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server… |
| CVE-2025-58579 | Medium | 5.3 | 2025-10-06 | Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enum… |
| CVE-2025-49186 | Medium | 5.3 | 2025-06-12 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute… |
| CVE-2025-9913 | Medium | 4.5 | 2025-10-06 | JavaScript can be run inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking. |
| CVE-2025-9914 | Medium | 4.3 | 2025-10-06 | The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access… |
| CVE-2025-49193 | Medium | 4.2 | 2025-06-12 | The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing… |
| CVE-2025-58589 | Low | 2.7 | 2025-10-06 | When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal inform… |