Lucene search
K

36 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.5 views

CVE-2019-16414

A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure= URI...

6.1CVSS6.2AI score0.01566EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7156

Malware in sbrugna...

6.1CVSS6.3AI score0.01566EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-19721

Malicious code in bioql PyPI...

10CVSS6.6AI score0.00691EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19720

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00701EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19722

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00633EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/07/04 2:22 p.m.12 views

CVE-2025-34069

An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent,...

9.8CVSS6.8AI score0.00633EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/07/04 2:22 p.m.15 views

CVE-2025-34071

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...

9.8CVSS8.1AI score0.00701EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/07/04 2:22 p.m.13 views

CVE-2025-34070

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper...

10CVSS7AI score0.00691EPSS
Exploits1References1
NVD
NVD
added 2025/07/02 2:15 p.m.8 views

CVE-2025-34069

An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent,...

9.8CVSS0.00633EPSS
Exploits1References2
NVD
NVD
added 2025/07/02 2:15 p.m.5 views

CVE-2025-34070

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper...

10CVSS0.00691EPSS
Exploits1References2
NVD
NVD
added 2025/07/02 2:15 p.m.6 views

CVE-2025-34071

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...

9.8CVSS0.00701EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/02 1:45 p.m.10 views

CVE-2025-34071 GFI Kerio Control Unsigned System Image Upload Root Code Execution

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...

9.4CVSS0.00701EPSS
Exploits1References2
CVE
CVE
added 2025/07/02 1:45 p.m.32 views

CVE-2025-34071

CVE-2025-34071 affects GFI Kerio Control 9.4.5 where the firmware upgrade feature can be abused to achieve remote code execution. The root cause is an upgrade mechanism that accepts unsigned .img files and does not validate authenticity or integrity, allowing modified upgrades (including scripts ...

9.8CVSS8.2AI score0.00701EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/02 1:45 p.m.5 views

CVE-2025-34071 GFI Kerio Control Unsigned System Image Upload Root Code Execution

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...

9.4CVSS8.8AI score0.00701EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/02 1:44 p.m.4 views

CVE-2025-34070 GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper...

10CVSS7.6AI score0.00691EPSS
Exploits1References2
CVE
CVE
added 2025/07/02 1:44 p.m.37 views

CVE-2025-34070

GFI Kerio Control 9.4.5 is affected by a missing authentication vulnerability in the GFIAgent component. The GFIAgent service exposes HTTP interfaces on ports 7995 and 7996; the /proxy handler on 7996 can forward requests to administrative endpoints when supplied with an Appliance UUID, which is ...

10CVSS7.1AI score0.00691EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/07/02 1:44 p.m.11 views

CVE-2025-34070 GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper...

10CVSS0.00691EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/02 1:44 p.m.3 views

CVE-2025-34069 GFI Kerio Control GFIAgent Authentication Bypass via Proxy Forwarding

An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent,...

9.5CVSS7.6AI score0.00633EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/02 1:44 p.m.10 views

CVE-2025-34069 GFI Kerio Control GFIAgent Authentication Bypass via Proxy Forwarding

An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent,...

9.5CVSS0.00633EPSS
Exploits1References2
CVE
CVE
added 2025/07/02 1:44 p.m.33 views

CVE-2025-34069

CVE-2025-34069 – GFI Kerio Control 9.4.5 suffers an authentication bypass caused by an insecure default proxy configuration in the GFIAgent service. The non-transparent proxy on TCP 3128 can forward unauthenticated requests to internal services, exposing GFIAgent endpoints and allowing access to ...

9.8CVSS7AI score0.00633EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder