ethyca — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting ethyca. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ethyca operates as a data privacy platform, primarily facilitating automated data subject access requests and managing consumer consent across enterprise environments. Security audits have identified twenty recorded Common Vulnerabilities and Exposures (CVEs) associated with its infrastructure, revealing a pattern of critical flaws. These vulnerabilities predominantly involve remote code execution and cross-site scripting, which attackers can exploit to compromise system integrity or steal sensitive user data. Additionally, instances of broken access control and privilege escalation have been documented, allowing unauthorized users to bypass security boundaries and access restricted resources. While specific major public breaches directly attributed to Ethyca remain limited in public reporting, the high volume of CVEs indicates significant historical weaknesses in input validation and authentication mechanisms. This track record suggests that the platform has faced substantial challenges in maintaining robust security postures against common web application attacks, necessitating rigorous patching and continuous monitoring to mitigate ongoing risks.

Top products by ethyca: fides

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-57817 | Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation | fides | CWE-862 | 7.2 (AI) | High (AI) | 2025-09-08 |
| CVE-2025-57816 | Fides Webserver API Rate Limiting Vulnerability in Proxied Environments | fides | CWE-799 | 7.5 (AI) | High (AI) | 2025-09-08 |
| CVE-2025-57766 | Fides's Admin UI User Password Change Does Not Invalidate Current Session | fides | CWE-613 | 9.8 (AI) | Critical (AI) | 2025-09-08 |
| CVE-2025-57815 | Fides Lacks Brute-Force Protections on Authentication Endpoints | fides | CWE-307 | 9.8 (AI) | Critical (AI) | 2025-09-08 |
| CVE-2024-52008 | Password Policy Bypass Vulnerability in Fides Webserver | fides | CWE-602 | 6.5 (AI) | Medium (AI) | 2024-11-26 |
| CVE-2024-45053 | Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine | fides | CWE-1336 | 9.1 | Critical | 2024-09-04 |
| CVE-2024-45052 | Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability | fides | CWE-208 | 5.3 | Medium | 2024-09-04 |
| CVE-2024-31223 | Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL | fides | CWE-497 | 5.3 | Medium | 2024-07-03 |
| CVE-2024-38537 | Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js | fides | CWE-829 | - | - | 2024-07-02 |
| CVE-2024-35189 | Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides | fides | CWE-201 | 6.5 | Medium | 2024-05-30 |
| CVE-2024-34715 | Partial Password Exposure Vulnerability in Fides Webserver Logs | fides | CWE-532 | 2.3 | Low | 2024-05-29 |
| CVE-2023-48224 | Cryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fides | fides | CWE-338 | 8.2 | High | 2023-11-15 |
| CVE-2023-47114 | Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages | fides | CWE-79 | 4.3 | Medium | 2023-11-08 |
| CVE-2023-46124 | Server-Side Request Forgery Vulnerability in Custom Integration Upload | fides | CWE-918 | 8.2 | High | 2023-10-24 |
| CVE-2023-46125 | Fides Information Disclosure Vulnerability in Config API Endpoint | fides | CWE-200 | 6.5 | Medium | 2023-10-24 |
| CVE-2023-46126 | Fides JavaScript Injection Vulnerability in Privacy Center URL | fides | CWE-79 | 3.9 | Low | 2023-10-24 |
| CVE-2023-41319 | Remote Code Execution in Custom Integration Upload in Fides | fides | CWE-94 | 8.8 | High | 2023-09-06 |
| CVE-2023-37480 | Fides Webserver Vulnerable to Zip Bomb File Uploads | fides | CWE-400 | 2.7 | Low | 2023-07-18 |
| CVE-2023-37481 | Fides Webserver Vulnerable to SVG Bomb File Uploads | fides | CWE-400 | 2.7 | Low | 2023-07-18 |
| CVE-2023-36827 | Fides vulnerable to Path Traversal in Webserver API | fides | CWE-22 | 7.5 | High | 2023-07-05 |

This page lists every published CVE security advisory associated with ethyca. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.