Lucene search
+L

20 matches found

nvd
nvd
added 2026/07/09 7:16 a.m.6 views

CVE-2026-47826

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

9.1CVSS0.00337EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/09 5:45 a.m.36 views

CVE-2026-47826 blobs.yaml Path Traversal Allows File Writes

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS0.00337EPSS
Exploits0References1
euvd
euvd
added 2026/07/09 5:45 a.m.6 views

EUVD-2026-42507

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS7.3AI score0.00337EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/17 12:0 a.m.8 views

PT-2026-20237

Name of the Vulnerable Software and Affected Versions Rocket TRUfusion Enterprise versions through 7.10.4.0 Description The Rocket TRUfusion Enterprise reverse proxy is misconfigured, permitting the specification of absolute URLs within HTTP request lines. This configuration flaw allows the proxy...

7.9CVSS5.5AI score0.01249EPSS
Exploits1References15
redhatcve
redhatcve
added 2026/01/09 11:23 a.m.5 views

CVE-2021-31935

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list payload in the common name that is mishandled in the scheduling view...

6.1CVSS6AI score0.00944EPSS
Exploits0References1
euvd
euvd
added 2025/11/24 3:30 p.m.6 views

EUVD-2025-198806

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4...

9.3CVSS6.8AI score0.00572EPSS
Exploits0References4
nvd
nvd
added 2025/11/24 3:15 p.m.6 views

CVE-2025-11921

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4...

8.5CVSS0.00572EPSS
Exploits0References3
cve
cve
added 2025/11/24 2:22 p.m.24 views

CVE-2025-11921

CVE-2025-11921 affects iStats (iStat Menus) 7.10.4, where an insecure XPC service allows local, unprivileged users to escalate to root via command injection. CVSS indicates local access with high impact on confidentiality, integrity, and availability. Public references identify a patch path; iSta...

8.5CVSS6.9AI score0.00572EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/11/24 12:0 a.m.4 views

Bjango iStats 安全漏洞

Bjango iStats is a system monitoring tool from Bjango Australia. A security vulnerability exists in Bjango iStats version 7.10.4, which originates from an insecure XPC service and could lead to elevation of privilege...

8.5CVSS6.6AI score0.00572EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/10/27 12:0 a.m.4 views

Rocket TRUfusion Enterprise 安全漏洞

Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket USA. A security vulnerability exists in Rocket TRUfusion Enterprise version 7.10.4.0 and earlier, which stems from not properly cleaning the inputs of the /trufusionPortal/getCobrandingData endpoint, which could le...

8.6CVSS6.4AI score0.01895EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2025/10/02 12:0 a.m.10 views

PT-2025-40350

Name of the Vulnerable Software and Affected Versions TRUfusion Enterprise versions through 7.10.4.0 Description TRUfusion Enterprise through version 7.10.4.0 has an endpoint, /trufusionPortal/jsp/internal admin contact login.jsp, accessible to unauthenticated users. This allows attackers to acce...

7.5CVSS6.5AI score0.17464EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2025/10/02 12:0 a.m.11 views

PT-2025-40349

Name of the Vulnerable Software and Affected Versions TRUfusion Enterprise versions through 7.10.4.0 Description The application uses a static key to encrypt the COOKIEID, which serves as an authentication mechanism for certain endpoints, such as /trufusionPortal/getProjectList. This allows for t...

6.6AI score0.02102EPSS
Exploits1References5
attackerkb
attackerkb
added 2021/07/22 5:15 p.m.2 views

CVE-2021-37402

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled...

6.1CVSS6.3AI score0.00792EPSS
Exploits0References3
cnnvd
cnnvd
added 2021/07/22 12:0 a.m.7 views

Open-xchange OX App Suite 跨站脚本漏洞

Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to more intuitively manage email, tasks, files, and more. A cross-site scripting vulnerability exists in OX App Suite, which stems from an XSS vulnerability...

6.1CVSS5.9AI score0.00792EPSS
Exploits0References3
cnvd
cnvd
added 2021/01/13 12:0 a.m.6 views

OX App Suite server-side request forgery vulnerability (CNVD-2021-03039)

OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A server-side request forgery vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability to conduct a server-side request forgery...

6.4CVSS6.9AI score0.00759EPSS
Exploits0References1
cnvd
cnvd
added 2021/01/13 12:0 a.m.5 views

OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03044)

OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via...

6.1CVSS6.2AI score0.01133EPSS
Exploits0References1
cnvd
cnvd
added 2021/01/13 12:0 a.m.3 views

OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03042)

OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker could exploit this vulnerability via an inline binary to conduct a cross-site...

6.1CVSS6.2AI score0.01133EPSS
Exploits0References1
osv
osv
added 2021/01/12 10:15 p.m.7 views

CVE-2021-23930

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile...

6.1CVSS5.8AI score0.01133EPSS
Exploits0References1
osv
osv
added 2021/01/12 10:15 p.m.5 views

CVE-2021-23931

OX App Suite through 7.10.4 allows XSS via an inline binary file...

6.1CVSS5.8AI score0.01133EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2021/01/12 12:0 a.m.10 views

PT-2021-11068 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.4 and earlier Description: The issue allows for XSS via the app loading mechanism, specifically through the PATH INFO to the "/appsuite" URI. Recommendations: For OX App Suite versions 7.10.4 and earlier, update to ...

6.1CVSS6AI score0.06788EPSS
Exploits3References10
Rows per page
Query Builder