Vulnerabilities > B2Evolution > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-28 | CVE-2022-30935 | Use of Insufficiently Random Values vulnerability in B2Evolution. An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. | 9.1 |
2017-01-23 | CVE-2017-5539 | Path Traversal vulnerability in B2Evolution 6.8.4. The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. | 9.0 |