Every CVE whose affected-product data names Sun.net Ehrd Ctms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2025-54943 — CVSS 9.8 (critical): A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform…
CVE-2025-54946 — CVSS 9.8 (critical): A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL…
CVE-2025-54945 — CVSS 9.8 (critical): An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers…
CVE-2024-10440 — CVSS 9.8 (critical): The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to…
CVE-2025-54944 — CVSS 9.8 (critical): An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote…
CVE-2025-54942 — CVSS 9.8 (critical): A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote…
CVE-2023-24836 — CVSS 8.8 (high): SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user…
CVE-2026-7489 — CVSS 8.8 (high): CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to…
CVE-2024-10438 — CVSS 7.5 (high): The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by…
CVE-2026-7490 — CVSS 7.2 (high): CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute…
CVE-2025-3707 — CVSS 6.5 (medium): The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL…
CVE-2025-9569 — CVSS 6.1 (medium): The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute…
CVE-2025-9567 — CVSS 6.1 (medium): The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute…
CVE-2025-9568 — CVSS 6.1 (medium): The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute…
CVE-2024-10439 — CVSS 5.3 (medium): The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify…
CVE-2025-9570 — CVSS 4.9 (medium): The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to…