Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Uniong

Source -

CNA

BOS Name -

N/A

CNA CVEs -

7

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
7Vulnerabilities found
CVE-2025-9259
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:46
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - Arbitrary File Reading through Path Traversal

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Action-Not Available
Vendor-Uniong
Product-WebITR
CWE ID-CWE-36
Absolute Path Traversal
CVE-2025-9258
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:43
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - Arbitrary File Reading through Path Traversal

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Action-Not Available
Vendor-Uniong
Product-WebITR
CWE ID-CWE-36
Absolute Path Traversal
CVE-2025-9257
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:41
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - Arbitrary File Reading through Path Traversal

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Action-Not Available
Vendor-Uniong
Product-WebITR
CWE ID-CWE-36
Absolute Path Traversal
CVE-2025-9256
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:34
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - Arbitrary File Reading through Path Traversal

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Action-Not Available
Vendor-Uniong
Product-WebITR
CWE ID-CWE-36
Absolute Path Traversal
CVE-2025-9255
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.05% / 14.45%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:25
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - SQL Injection

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Action-Not Available
Vendor-Uniong
Product-WebITR
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-9254
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.15% / 36.79%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:21
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - Missing Authentication

WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.

Action-Not Available
Vendor-Uniong
Product-WebITR
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-8586
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 03:07
Updated-16 Sep, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong WebITR - Open Redirect

WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks.

Action-Not Available
Vendor-uniongUniong
Product-webitrWebITR
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')