EUVD-2026-16779

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages Host, Storage, Group, Image, Printer, Snapin are vulnerable to Stored Cross-Site Scripting XSS, due to insufficient server-side parameter...

CVE-2026-24138

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...

VulnCheck KEV: CVE-2024-39914

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...

CVE-2024-42348 FOG leaks sensitive information (AD domain, username and password)

FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395...

CVE-2024-39916

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the...

Fog Imaging System 0.32 Cross Site Scripting

Vulnerability title: Multiple Stored Cross-Site scripting CVE: CVE-2014-3111 Vendor: FOG Project Product: FOG Imaging system Affected version: 0.27 – 0.32latest Fixed version: N/A Reported by: Dolev Farhi ---------------------------- VULNERABILITY Details: ---------------------------- Latest and...