Vulnerabilities > Synel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-03 | CVE-2023-37220 | Download of Code Without Integrity Check vulnerability in Synel products Synel Terminals - CWE-494: Download of Code Without Integrity Check | 9.8 |
| 2023-07-30 | CVE-2023-32227 | Use of Hard-coded Credentials vulnerability in Synel Synergy/A Firmware Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials | 9.8 |
| 2023-07-30 | CVE-2023-37213 | OS Command Injection vulnerability in Synel Synergy/A Firmware Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection' | 9.8 |
| 2022-09-13 | CVE-2022-36778 | Cross-site Scripting vulnerability in Synel Eharmony 8.0.2.3 insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. | 5.4 |
| 2022-01-28 | CVE-2022-22790 | Path Traversal vulnerability in Synel Eharmony 8.0.2.3 SYNEL - eharmony Directory Traversal. | 7.5 |
| 2022-01-28 | CVE-2022-22791 | Cross-site Scripting vulnerability in Synel Eharmony 8.0.2.3 SYNEL - eharmony Authenticated Blind & Stored XSS. | 5.4 |
| 2021-12-08 | CVE-2021-36718 | Improper Authentication vulnerability in Synel Eharmonynew and Synel Reports SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Working hours etc') The vulnerabilety has been addressed and fixed on version 11. | 6.5 |