TheWoodenBench

2 exploits Active since Mar 2026

CVE-2025-66955 NOMISEC MEDIUM WRITEUP

Asseco SEE Live 2.0 - Path Traversal

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

CVSS 6.5

View Code

CVE-2025-66956 NOMISEC CRITICAL WRITEUP

Asseco SEE Live 2.0 - Improper Access Control in Contact Plan, E-Mail, SMS and Fax Components

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.

CVSS 9.9

View Code