Research

Ta strona przedstawia wybrane podatności wykryte przez zespół AFINE, które zostały upublicznione oraz nadano im numer CVE. Większość naszych odkryć jest jednak adresowana bezpośrednio do naszych klientów i nie jest publikowana, aby zapewnić poufność oraz ich bezpieczeństwo.

Date CVE Topic Details
17/10/2024 ⚠️ CVE-2024-50312 Information Disclosure via GraphQL Introspection in OpenShift Link
17/10/2024 ⚠️ CVE-2024-50311 OpenShift Denial of Service (DoS) Link
31/07/2024 ⚠️ CVE-2024-41955 Open Redirect in Login Redirect in MobSF <= 4.0.4 Link
28/06/2024 ⚠️ CVE-2024-28797 Stored Cross-site Scripting in IBM InfoSphere DataStage Designer < 11.7.4 Link
28/06/2024 ⚠️ CVE-2024-28795 Stored Cross-site Scripting in IBM InfoSphere Information Server < 11.7 Link
28/06/2024 ⚠️ CVE-2024-28794 Stored Cross-site Scripting in IBM InfoSphere Information Server < 11.7 Link
28/06/2024 ⚠️ CVE-2024-5737 AdmirorFrames Joomla! Extension < 5.0 – HTML Injection Link
28/06/2024 ⚠️ CVE-2024-5736 AdmirorFrames Joomla! Extension < 5.0 – Server-Side Request Forgery Link
28/06/2024 ⚠️ CVE-2024-5735 AdmirorFrames Joomla! Extension < 5.0 – Full Path Disclosure Link
24/05/2024 ⚠️ CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 – Admin+ Stored XSS Link
08/05/2024 ⚠️ CVE-2024-3050 Site Reviews < 7.0.0 – IP Spoofing Link
09/05/2024 ⚠️ CVE-2024-3459 KioWare for Windows environment escape Link
09/05/2024 ⚠️ CVE-2024-3460 KioWare for Windows security control bypass Link
09/05/2024 ⚠️ CVE-2024-3461 KioWare for Windows PIN brute force Link
18/03/2024 ⚠️ CVE-2024-1606 HTML injection in BMC Control-M Link
18/03/2024 ⚠️ CVE-2024-1605 DLL side-loading in BMC Control-M Link
18/03/2024 ⚠️ CVE-2024-1604 Incorrect authorization in BMC Control-M Link
14/02/2024 ⚠️ CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal Link
07/02/2024 ⚠️ CVE-2024-24816 Cross-site scripting (XSS) in CKEditor4 samples with the preview feature enabled Link
11/01/2024 ⚠️ CVE-2023-5118 Stored XSS in Kofax Capture software Link
21/12/2023 ⚠️ CVE-2023-4925 Easy Forms for Mailchimp <= 6.8.10 – Admin+ Stored Cross-Site Scripting Link
12/12/2023 ⚠️ CVE-2023-45184 Decryption key disclosure in IBM i Access Client Solutions due to improper authority checks Link
12/12/2023 ⚠️ CVE-2023-45182 Possibility to decrypt password-encryption key in IBM i Access Client Solutions allowing attacker to obtain passwords to other systems Link
12/12/2023 ⚠️ CVE-2023-45185 Remote Code Execution in IBM i Access Client Solutions Link
12/12/2023 ⚠️ CVE-2023-4932 Reflected Cross-Site Scripting in SAS 9.4 Link
06/11/2023 ⚠️ CVE-2023-5958 POST SMTP Mailer < 2.7.1 – Unauthenticated Cross-site Scripting Link
06/11/2023 ⚠️ CVE-2023-5209 Bookly < 22.5 – Admin+ Stored XSS Link
08/08/2023 ⚠️ CVE-2023-35359 Windows Kernel Elevation of Privilege Vulnerability Link
25/07/2023 ⚠️ CVE-2023-39062 Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 Link
02/10/2023 ⚠️ CVE-2023-38419 Denial of Service of Big-IQ iControl SOAP daemon by an attacker with guest privileges Link
02/10/2023 ⚠️ CVE-2023-38138 Reflected Cross-site Scripting in BIG-IP Configuration utility Link
13/06/2023 ⚠️ CVE-2023-35840 elFinder < 2.1.62 – Path Traversal vulnerability in PHP LocalVolumeDriver connector Link
20/03/2023 ⚠️ CVE-2023-1478 Hummingbird < 3.4.2 – Unauthenticated Path Traversal Link
16/03/2023 ⚠️ CVE-2023-28530 IBM Cognos Analytics – Stored cross-site scripting caused by improper validation of SVG Files in Custom Visualizations Link
18/10/2022 ⚠️ CVE-2022-40746 OwnCloud URL spoofing in password reset mail Link
16/09/2022 ⚠️ CVE-2022-40746 IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system Link
25/07/2022 ⚠️ CVE-2022-36433 Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 Link
25/07/2022 ⚠️ CVE-2022-36432 Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2 Link
11/07/2022 ⚠️ CVE-2022-35501 Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 Link
11/07/2022 ⚠️ CVE-2022-35500 Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2 Link
11/07/2022 ⚠️ CVE-2022-35642 IBM InfoSphere Information Server is vulnerable to stored cross-site scripting Link
12/05/2022 ⚠️ CVE-2022-30615 IBM InfoSphere Information Server is vulnerable to cross-site scripting Link
28/06/2021 ⚠️ CVE-2021-34254 Open Redirection (OurUmbraco) Link
16/06/2021 ⚠️ CVE-2021-3584 Server-side remote code execution (Foreman) Link
08/06/2021 ⚠️ CVE-2021-1675 Windows Print Spooler Elevation of Privilege Vulnerability Link
07/06/2021 ⚠️ CVE-2021-24378 Authenticated Stored XSS (Autoptimize) Link
07/06/2021 ⚠️ CVE-2021-24377 Race Condition leading to RCE (Autoptimize) Link
07/06/2021 ⚠️ CVE-2021-24376 Arbitrary File Upload (Autoptimize) Link
13/05/2021 ⚠️ CVE-2021-21559 Dell EMC NetWorker Security Update for Multiple Vulnerabilities Link
13/05/2021 ⚠️ CVE-2021-21558 Dell EMC NetWorker Security Update for Multiple Vulnerabilities Link
25/09/2020 ⚠️ CVE-2020-25130 SQL Injection (Observium) Link
25/09/2020 ⚠️ CVE-2020-25131 Cross-Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25132 SQL Injection (Observium) Link
25/09/2020 ⚠️ CVE-2020-25133 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25134 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25135 Cross-Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25136 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25137 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25138 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25139 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25140 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25141 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25142 Cross Site Request Forgery (CSRF) (Observium) Link
25/09/2020 ⚠️ CVE-2020-25143 SQL Injection (Observium) Link
25/09/2020 ⚠️ CVE-2020-25144 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25145 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25146 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25147 SQL Injection (Observium) Link
25/09/2020 ⚠️ CVE-2020-25148 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25149 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
03/09/2020 ⚠️ CVE-2020-25102 Cross-Site Scripting (SilverStripe Advanced Reports Module) Link
26/08/2020 ⚠️ CVE-2020-5920 F5 BIG-IP AFM SQL Injection Link
11/08/2020 ⚠️ CVE-2020-1569 Microsoft Edge Memory Corruption Link
17/07/2020 ⚠️ CVE-2020-15596 Touchpad driver DLL Hijacking Link
29/05/2020 ⚠️ CVE-2020-13700 wp plugin acf-to-rest-api Insecure direct object reference via permalinks manipulation Link
25/05/2020 ⚠️ CVE-2020-13484 Bitrix CRM unauthenticated server side request forgery Link
25/05/2020 ⚠️ CVE-2020-13483 Bitrix CRM XSS / WAF bypass Link
24/05/2020 ⚠️ CVE-2020-13443 ExpressionEngine Remote Command Execution via unrestricted file upload Link
21/04/2020 ⚠️ CVE-2020-11976 Apache Wicket Directory traversal due to guard protection bypass – read wicket markup file source Link
13/01/2020 ⚠️ CVE-2020-6856 JOC Cockpit, Jobscheduler, XML External Entity Link
13/01/2020 ⚠️ CVE-2020-6855 JOC Cockpit, Jobscheduler, Denial of Service Link
13/01/2020 ⚠️ CVE-2020-6854 JOC Cockpit, Jobscheduler, Multiple Stored Cross Site Scripting Link
20/11/2019 ⚠️ CVE-2019-19129 Afterlogic WebMail Pro 8.3.11 Remote Stored XSS via an attachment name. Link
05/08/2019 ⚠️ CVE-2019-14521 Arbitrary File Upload leading to RCE (Energy Logserver) Link
17/07/2019 ⚠️ CVE-2020-5907 TMOS Shell privilege escalation vulnerability Link
26/03/2019 ⚠️ CVE-2019-10070 Apache Atlas, Stored Cross Site Scripting Link

Czy Twoja firma jest bezpieczna w sieci?

Dołącz do grona naszych zadowolonych klientów i zabezpiecz swoją firmę przed cyberzagrożeniami już dziś!

Zostaw nam swoje dane kontaktowe, a nasz zespół skontaktuje się z Tobą, aby omówić szczegóły i dopasować ofertę do Twoich potrzeb. Dbamy o pełną dyskrecję i poufność Twoich danych, dlatego możesz nam zaufać.