KUNBUS GmbH Revolution Pi PiCtory vulnerabilities
3 known vulnerabilities affecting kunbus_gmbh/revolution_pi_pictory.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 1
Vulnerabilities
CVE-2025-32011 | P2 | CRITICAL | CVSS 9.8 | CWE-305 | ≥ 2.5.0, ≤ 2.11.1 | 2025-05-01
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.
Source: NVD
CVE-2025-35996 | P2 | CRITICAL | CVSS 9.0 | CWE-97 | ≤ 2.11.1 | 2025-05-01
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, the filename could be executed as HTML script tag resu
Source: NVD
CVE-2025-36558 | P3 | MEDIUM | CVSS 6.1 | CWE-97 | ≤ 2.11.1 | 2025-05-01
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an sso_token, that script will reply to the user and be executed.
Source: NVD