cert CVE Vulnerabilities & Metrics

Focus on cert vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About cert Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with cert. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total cert CVEs: 6
Earliest CVE date: 16 Aug 2022, 22:15 UTC
Latest CVE date: 28 Oct 2024, 16:15 UTC

Latest CVE reference: CVE-2024-10469

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical cert CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS cert CVEs

These are the five CVEs with the highest CVSS scores for cert, sorted by severity first and recency.

CVE-2024-10469 cert Published on 28 Oct 2024, 16:15 UTC (CVSS: 0)
VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users.
CVE-2024-9953 cert Published on 14 Oct 2024, 22:15 UTC (CVSS: 0)
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.
CVE-2022-40238 cert Published on 26 Oct 2022, 16:15 UTC (CVSS: 0)
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.
CVE-2022-40257 cert Published on 10 Oct 2022, 20:15 UTC (CVSS: 0)
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.
CVE-2022-40248 cert Published on 10 Oct 2022, 20:15 UTC (CVSS: 0)
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field.

All CVEs for cert

CVE-2024-10469 cert vulnerability CVSS: 0 28 Oct 2024, 16:15 UTC

VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users.

CVE-2024-9953 cert vulnerability CVSS: 0 14 Oct 2024, 22:15 UTC

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.

CVE-2022-40238 cert vulnerability CVSS: 0 26 Oct 2022, 16:15 UTC

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.

CVE-2022-40257 cert vulnerability CVSS: 0 10 Oct 2022, 20:15 UTC

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.

CVE-2022-40248 cert vulnerability CVSS: 0 10 Oct 2022, 20:15 UTC

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field.

CVE-2022-25799 cert vulnerability CVSS: 0 16 Aug 2022, 22:15 UTC

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.