cbcvebase.

Bluspark Global Bluvoyix vulnerabilities

5 known vulnerabilities affecting bluspark_global/bluvoyix.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-22238P2CRITICALCVSS 9.8v02026-01-14
CVE-2026-22238 [CRITICAL] CWE-269 CVE-2026-22238: The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An u The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker
nvd
CVE-2026-22236P2CRITICALCVSS 9.8v02026-01-14
CVE-2026-22236 [CRITICAL] CWE-287 CVE-2026-22236: The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and co
nvd
CVE-2026-22237P2CRITICALCVSS 9.8v02026-01-14
CVE-2026-22237 [CRITICAL] CWE-200 CVE-2026-22237: The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targ
nvd
CVE-2026-22240P3HIGHCVSS 7.5v02026-01-14
CVE-2026-22240 [HIGH] CWE-200 CVE-2026-22240: The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subseque The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all user users. Successful exploitati
nvd
CVE-2026-22239P4MEDIUMCVSS 5.3v02026-01-14
CVE-2026-22239 [MEDIUM] CWE-400 CVE-2026-22239: The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticate The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the attacker to send unsolicited emails to anyone on behalf of
nvd
Bluspark Global Bluvoyix vulnerabilities | cvebase