Primakon Project Contract Management — known CVE vulnerabilities
Every CVE whose affected-product data names Primakon Project Contract Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-64063 — CVSS 9.8 (critical): Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard…
CVE-2025-64062 — CVSS 8.8 (high): The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation…
CVE-2025-64064 — CVSS 8.8 (high): Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify…
CVE-2025-64065 — CVSS 8.8 (high): The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary server-side validation. The administrative…
CVE-2025-64066 — CVSS 8.6 (high): Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. The endpoint fails to…
CVE-2025-64067 — CVSS 5.3 (medium): Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records)…
CVE-2025-64061 — CVSS 4.3 (medium): Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms…