BLUVOYIX Password Exposure Vulnerability via Unauthenticated APIs

Vulnerability

A vulnerability in BLUVOYIX exists due to improper password storage and exposure through unauthenticated APIs. This allows remote attackers to send crafted HTTP requests to the users API, retrieving plaintext passwords of all users. Exploitation could lead to full access to customer data and complete compromise of the platform by logging in with an exposed admin email and password.

Impact

Successful exploitation allows access to all user plaintext passwords, leading to unauthorized access to customer data and potential full compromise of the platform using an admin account.

Added: Jan 14, 2026, 3:19 PM

Updated: Jan 14, 2026, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.4

remediation

0.0

relevance

2.1

threat

0.0

urgency

10.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.4

remediation

0.0

relevance

2.1

threat

0.0

urgency

10.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BLUVOYIX Password Exposure Vulnerability via Unauthenticated APIs

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating