📦 Traccar

CVE-2024-7746 is a critical authentication bypass vulnerability in Tananaev Solutions Traccar Server that allows attackers to access the administrator panel using default credentials. This affects all...

Traccar GPS tracking system versions 5.1 through 5.12 contain an unrestricted file upload vulnerability in the device image upload API. Attackers can upload arbitrary files with controlled content, na...

This vulnerability allows authenticated users in Traccar GPS tracking systems to steal OAuth 2.0 authorization codes via open redirect in OIDC endpoints. Attackers can redirect these codes to maliciou...

Authenticated users in Traccar GPS tracking system can upload malicious SVG files containing JavaScript, which executes in other users' browsers when they view the image. This cross-site scripting (XS...

This CVE describes a Cross-Site WebSocket Hijacking vulnerability in Traccar GPS tracking system versions up to 6.11.1. Attackers can bypass Same Origin Policy to establish WebSocket connections using...

CVE-2023-50729 is an unrestricted file upload vulnerability in Traccar GPS tracking systems that allows attackers to upload malicious files to arbitrary server locations. When exploited, this can lead...

This vulnerability allows authenticated users in Traccar GPS tracking systems to write files outside the intended media directory by setting a device's uniqueId to an absolute path. Attackers could po...