20 matches found
CVE-2026-47826
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...
CVE-2026-47826 blobs.yaml Path Traversal Allows File Writes
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...
EUVD-2026-42507
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...
PT-2026-20237
Name of the Vulnerable Software and Affected Versions Rocket TRUfusion Enterprise versions through 7.10.4.0 Description The Rocket TRUfusion Enterprise reverse proxy is misconfigured, permitting the specification of absolute URLs within HTTP request lines. This configuration flaw allows the proxy...
CVE-2021-31935
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list payload in the common name that is mishandled in the scheduling view...
EUVD-2025-198806
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4...
CVE-2025-11921
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4...
CVE-2025-11921
CVE-2025-11921 affects iStats (iStat Menus) 7.10.4, where an insecure XPC service allows local, unprivileged users to escalate to root via command injection. CVSS indicates local access with high impact on confidentiality, integrity, and availability. Public references identify a patch path; iSta...
Bjango iStats 安全漏洞
Bjango iStats is a system monitoring tool from Bjango Australia. A security vulnerability exists in Bjango iStats version 7.10.4, which originates from an insecure XPC service and could lead to elevation of privilege...
Rocket TRUfusion Enterprise 安全漏洞
Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket USA. A security vulnerability exists in Rocket TRUfusion Enterprise version 7.10.4.0 and earlier, which stems from not properly cleaning the inputs of the /trufusionPortal/getCobrandingData endpoint, which could le...
PT-2025-40350
Name of the Vulnerable Software and Affected Versions TRUfusion Enterprise versions through 7.10.4.0 Description TRUfusion Enterprise through version 7.10.4.0 has an endpoint, /trufusionPortal/jsp/internal admin contact login.jsp, accessible to unauthenticated users. This allows attackers to acce...
PT-2025-40349
Name of the Vulnerable Software and Affected Versions TRUfusion Enterprise versions through 7.10.4.0 Description The application uses a static key to encrypt the COOKIEID, which serves as an authentication mechanism for certain endpoints, such as /trufusionPortal/getProjectList. This allows for t...
CVE-2021-37402
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled...
Open-xchange OX App Suite 跨站脚本漏洞
Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to more intuitively manage email, tasks, files, and more. A cross-site scripting vulnerability exists in OX App Suite, which stems from an XSS vulnerability...
OX App Suite server-side request forgery vulnerability (CNVD-2021-03039)
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A server-side request forgery vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability to conduct a server-side request forgery...
OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03044)
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via...
OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03042)
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker could exploit this vulnerability via an inline binary to conduct a cross-site...
CVE-2021-23930
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile...
CVE-2021-23931
OX App Suite through 7.10.4 allows XSS via an inline binary file...
PT-2021-11068 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.4 and earlier Description: The issue allows for XSS via the app loading mechanism, specifically through the PATH INFO to the "/appsuite" URI. Recommendations: For OX App Suite versions 7.10.4 and earlier, update to ...