📦 Evolution

CVE-2024-29844 is a critical authentication bypass vulnerability in Evolution Controller 2.x web interface that allows attackers to log in using default credentials. This affects all Evolution Control...

The Evolution Controller web interface contains an access control vulnerability in the MOBILE_GET_USERS_LIST endpoint that allows unauthenticated attackers to enumerate all users and their access leve...

This vulnerability allows unauthenticated attackers to access administrator functionality in Evolution Controller's web interface when any user is already signed in. It affects Evolution Controller ve...

The Evolution Controller web interface has an access control vulnerability in the DESKTOP_EDIT_USER_GET_CARD endpoint that allows unauthenticated attackers to retrieve card value data for any user. Th...

The Evolution Controller web interface contains an access control vulnerability in the DESKTOP_EDIT_USER_GET_KEYS_FIELDS endpoint that allows unauthenticated attackers to retrieve sensitive keys data ...