86 matches found

Cvelist
added 2025/04/03 12:0 a.m. · 14 views

CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

CVSS 9 · EPSS 0.85362
Exploits 6 · References 2

ATTACKERKB
added 2025/04/03 12:0 a.m. · 16 views

CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal’s hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

CVSS 9.8 · AI score 10 · EPSS 0.85362
In wild · Exploits 6 · References 4

NVD
added 2024/11/22 6:15 p.m. · 16 views

CVE-2024-37783

A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...

CVSS 5.4 · EPSS 0.00168
Exploits 0 · References 3

NVD
added 2024/11/22 6:15 p.m. · 16 views

CVE-2024-37782

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field...

CVSS 9.8 · EPSS 0.00132
Exploits 0 · References 3

CVE
added 2024/11/22 12:0 a.m. · 45 views

CVE-2024-37783

CVE-2024-37783 is a reflected XSS vulnerability in Gladinet CentreStack v13.12.9934.54690. The issue can inject malicious JavaScript into a victim’s browser via the sessionId parameter at /portal/ForgotPassword.aspx. Affected component is the ForgotPassword flow; root cause is reflected XSS; CVSS...

CVSS 5.4 · AI score 5.7 · EPSS 0.00168
Exploits 0 · References 3

Vulnrichment
added 2024/11/22 12:0 a.m. · 6 views

CVE-2024-37783

A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...

AI score 5.7 · EPSS 0.00168
Exploits 0 · References 3

Positive Technologies
added 2024/11/22 12:0 a.m. · 2 views

PT-2024-27749 · Gladinet · Gladinet Centrestack

Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack version 13.12.9934.54690 Description: The issue allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field in the login page. Recommendations: For Gladin...

CVSS 9.8 · AI score 7.7 · EPSS 0.00132
Exploits 0 · References 5

Cvelist
added 2024/11/22 12:0 a.m. · 14 views

CVE-2024-37782

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field...

EPSS 0.00132
Exploits 0 · References 3

CNNVD
added 2024/11/22 12:0 a.m. · 2 views

Gladinet CentreStack Security Vulnerability

Gladinet CentreStack is a premier mobile access and secure sharing solution from Gladinet USA. Provides self-hosted cloud storage. A security vulnerability exists in Gladinet CentreStack version v13.12.9934.54690. An attacker exploiting this vulnerability could access sensitive data or execute...

CVSS 9.8 · AI score 7.3 · EPSS 0.00132
Exploits 0 · References 3

Positive Technologies
added 2024/11/22 12:0 a.m. · 3 views

PT-2024-27750 · Gladinet · Gladinet Centrestack

Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack version 13.12.9934.54690 Description: A reflected cross-site scripting (XSS) issue allows attackers to inject malicious JavaScript into a victim's web browser via the sessionId parameter at the "/portal/ForgotPassword.aspx"...

CVSS 5.4 · AI score 5.7 · EPSS 0.00168
Exploits 0 · References 5

Cvelist
added 2024/11/22 12:0 a.m. · 19 views

CVE-2024-37783

A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...

EPSS 0.00168
Exploits 0 · References 3

Vulnrichment
added 2024/11/22 12:0 a.m. · 15 views

CVE-2024-37782

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field...

AI score 8 · EPSS 0.00132
Exploits 0 · References 3

CVE
added 2024/11/22 12:0 a.m. · 56 views

CVE-2024-37782

CVE-2024-37782: LDAP injection flaw in the login page of Gladinet CentreStack v13.12.9934.54690, where a crafted payload in the username field can allow attackers to access sensitive data or execute arbitrary commands. Connected sources confirm the affected product/version and the injection vect...

CVSS 9.8 · AI score 7.8 · EPSS 0.00132
Exploits 0 · References 3

CNNVD
added 2024/11/22 12:0 a.m. · 2 views

Gladinet CentreStack Security Vulnerability

Gladinet CentreStack is a premier mobile access and secure sharing solution from Gladinet USA. Provides self-hosted cloud storage. A security vulnerability exists in Gladinet CentreStack version v13.12.9934.54690. An attacker exploiting this vulnerability could inject malicious JavaScript into a...

CVSS 5.4 · AI score 6.6 · EPSS 0.00168
Exploits 0 · References 3

NVD
added 2023/03/31 4:15 p.m. · 8 views

CVE-2023-26830

An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server...

CVSS 7.2 · AI score 7.3 · EPSS 0.01647
Exploits 1 · References 1

NVD
added 2023/03/31 4:15 p.m. · 8 views

CVE-2023-26829

An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass...

CVSS 9.8 · AI score 9.7 · EPSS 0.02003
Exploits 1 · References 1

OSV
added 2023/03/31 4:15 p.m. · 2 views

CVE-2023-26829

An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass...

CVSS 9.8 · AI score 7.3 · EPSS 0.02003
Exploits 1 · References 1

Prion
added 2023/03/31 4:15 p.m. · 20 views

Unrestricted file upload

An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server...

CVSS 5.8 · AI score 7.2 · EPSS 0.01647
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2023/03/31 12:0 a.m. · 1 views

Gladinet CentreStack Code Issue Vulnerability

Gladinet CentreStack is a premier mobile access and secure sharing solution from Gladinet USA. Provides self-hosted cloud storage. A security vulnerability exists in Gladinet CentreStack versions prior to 13.5.9808. An attacker could exploit the vulnerability to execute arbitrary code by uploadin...

CVSS 7.2 · AI score 7.6 · EPSS 0.01647
Exploits 1 · References 3

CVE
added 2023/03/31 12:0 a.m. · 38 views

CVE-2023-26830

CVE-2023-26830 covers an unrestricted file upload flaw in the Gladinet CentreStack administrative portal branding component, affecting versions prior to 13.5.9808. The vulnerability allows an authenticated attacker to upload malicious files to the server and execute arbitrary code. The issue is ...

CVSS 7.2 · AI score 7.3 · EPSS 0.01647
Exploits 1 · References 1 · Affected Software 1