Every CVE whose affected-product data names Sick Field Analytics, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2025-49199 — CVSS 8.8 (high): The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and…
CVE-2025-49184 — CVSS 7.5 (high): A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings…
CVE-2025-49200 — CVSS 6.5 (medium): The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and…
CVE-2025-49196 — CVSS 6.5 (medium): A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in…
CVE-2025-49185 — CVSS 5.5 (medium): The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious…
CVE-2025-49188 — CVSS 5.3 (medium): The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.
CVE-2025-49186 — CVSS 5.3 (medium): The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it…
CVE-2025-49187 — CVSS 5.3 (medium): For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect…
CVE-2025-49191 — CVSS 4.8 (medium): Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets…
CVE-2025-49190 — CVSS 4.3 (medium): The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other…
CVE-2025-49192 — CVSS 4.3 (medium): The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a…
CVE-2025-49193 — CVSS 4.2 (medium): The application fails to implement several security headers. These headers help increase the overall security level of the web application…