Vulnerabilities > Traccar > Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2019-5748 XXE vulnerability in Traccar Server 4.2
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
network
low complexity
traccar CWE-611
critical
 9.8
9.8
2018-12-20 CVE-2018-1000881 Code Injection vulnerability in Traccar Server
Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution.
network
low complexity
traccar CWE-94
critical
 9.8
9.8