Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Synchroweb Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-11190 1 Synchroweb 1 Kiwire 2025-11-17 N/A 5.4 MEDIUM
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.
CVE-2025-11189 1 Synchroweb 1 Kiwire 2025-11-17 N/A 7.3 HIGH
The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution.
CVE-2025-11188 1 Synchroweb 1 Kiwire 2025-11-14 N/A 7.3 HIGH
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.
CVE-2013-2690 1 Synchroweb 1 Synconnect 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action.