CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5777 – Weintek EasyBuilder Pro Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2023-5777
06 Nov 2023 — Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. Weintek EasyBuilder Pro contiene una vulnerabilidad que, incluso cuando la clave privada se elimina inmediatamente después de finalizar la transmisión del informe de fallos, la clave privada queda expuesta al público, lo que podría resultar e... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0104
https://notcve.org/view.php?id=CVE-2023-0104
22 Feb 2023 — The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-29: Path Traversal: '\..\filename' •