Browse all 3 CVE security advisories affecting icret. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Icret primarily develops network monitoring and security solutions for enterprises. Historically, its products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and authentication flaws. The company has addressed three CVEs to date, with notable issues including RCE in web interfaces and insecure default configurations. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in web components suggests a need for enhanced secure coding practices. Icret's solutions remain in use despite these historical weaknesses, indicating that organizations prioritize functionality over security in their deployment decisions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13415 | icret EasyImages SVG Image upload.php cross site scripting — EasyImagesCWE-79 | 3.5 | Low | 2025-11-19 |
| CVE-2023-7098 | icret EasyImages hide.php path traversal — EasyImagesCWE-24 | 3.1 | Low | 2023-12-25 |
| CVE-2023-1181 | Cross-site Scripting (XSS) - Stored in icret/easyimages2.0 — icret/easyimages2.0CWE-79 | 5.4 | - | 2023-03-05 |
This page lists every published CVE security advisory associated with icret. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.