Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

changeweb

Source -

CNANVD

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated ProductsRelated AssignersReports
8Vulnerabilities found
CVE-2025-46203
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.08%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 00:00
Updated-10 Jun, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.

Action-Not Available
Vendor-changewebn/a
Product-unifiedtransformn/a
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-46204
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.08%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 00:00
Updated-10 Jun, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.

Action-Not Available
Vendor-changewebn/a
Product-unifiedtransformn/a
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-2292
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-0.04% / 9.55%
||
7 Day CHG+0.01%
Published-20 Mar, 2025 | 10:09
Updated-20 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Access Control Vulnerabilities lead to Violation of Privacy and Modification of Personal Data

Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users.

Action-Not Available
Vendor-changeweb
Product-changeweb/unifiedtransform
CWE ID-CWE-284
Improper Access Control
CVE-2025-25615
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.31% / 53.33%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 00:00
Updated-13 Mar, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.

Action-Not Available
Vendor-changewebn/a
Product-unifiedtransformn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-25616
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.22% / 44.62%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 00:00
Updated-13 Mar, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.

Action-Not Available
Vendor-changewebn/a
Product-unifiedtransformn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-25620
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.64%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 00:00
Updated-23 Jun, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.

Action-Not Available
Vendor-changewebn/a
Product-unifiedtransformn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-25614
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 00:00
Updated-23 Jun, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.

Action-Not Available
Vendor-changewebn/a
Product-unifiedtransformn/a
CWE ID-CWE-284
Improper Access Control
CVE-2024-53573
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.20%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 00:00
Updated-07 Apr, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}.

Action-Not Available
Vendor-changewebn/a
Product-unifiedtransformn/a
CWE ID-CWE-284
Improper Access Control