Icz

icz

9 CVEs • 4 products

Products (4)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-33273 1Icz 1Matcha Invoice Apr 17, 2026 Apr 8, 2026 5.1 MEDIUM· v4 7.2 HIGH· v3 N/A· v2 Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbi...Show more Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server.Show less
CVE-2026-27787 1Icz 1Matcha Sns Apr 17, 2026 Apr 8, 2026 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...Show more Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.Show less
CVE-2026-24913 1Icz 1Matcha Invoice Apr 17, 2026 Apr 8, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.
CVE-2015-5645 1Icz 1Matchasns May 6, 2026 Oct 6, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors.
CVE-2015-5644 1Icz 1Matchasns May 6, 2026 Oct 6, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2015-5643 1Icz 1Matchasns May 6, 2026 Oct 6, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2015-5642 1Icz 1Matchasns May 6, 2026 Oct 6, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1238 1Icz 1Sencha Sns Apr 29, 2026 Apr 6, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-1237 1Icz 1Sencha Sns Apr 29, 2026 Apr 6, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users.