Research 
This section showcases a select range of vulnerabilities identified by AFINE Team, made publicly available for the broader community. While the bulk of our findings are confined to client-specific engagements and remain undisclosed for security reasons, these published reports represent critical insights into commonly encountered security flaws.
| Date | CVE | Topic | Details | |
|---|---|---|---|---|
| 18/03/2024 | ⚠️ | CVE-2024-1606 | HTML injection in BMC Control-M | Link |
| 18/03/2024 | ⚠️ | CVE-2024-1605 | DLL side-loading in BMC Control-M | Link |
| 18/03/2024 | ⚠️ | CVE-2024-1604 | Incorrect authorization in BMC Control-M | Link |
| 14/02/2024 | ⚠️ | CVE-2024-0010 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal | Link |
| 07/02/2024 | ⚠️ | CVE-2024-24816 | Cross-site scripting (XSS) in CKEditor4 samples with the preview feature enabled | Link |
| 11/01/2024 | ⚠️ | CVE-2023-5118 | Stored XSS in Kofax Capture software | Link |
| 21/12/2023 | ⚠️ | CVE-2023-4925 | Easy Forms for Mailchimp <= 6.8.10 – Admin+ Stored Cross-Site Scripting | Link |
| 12/12/2023 | ⚠️ | CVE-2023-45184 | Decryption key disclosure in IBM i Access Client Solutions due to improper authority checks | Link |
| 12/12/2023 | ⚠️ | CVE-2023-45182 | Possibility to decrypt password-encryption key in IBM i Access Client Solutions allowing attacker to obtain passwords to other systems | Link |
| 12/12/2023 | ⚠️ | CVE-2023-45185 | Remote Code Execution in IBM i Access Client Solutions | Link |
| 12/12/2023 | ⚠️ | CVE-2023-4932 | Reflected Cross-Site Scripting in SAS 9.4 | Link |
| 06/11/2023 | ⚠️ | CVE-2023-5958 | POST SMTP Mailer < 2.7.1 – Unauthenticated Cross-site Scripting | Link |
| 06/11/2023 | ⚠️ | CVE-2023-5209 | Bookly < 22.5 – Admin+ Stored XSS | Link |
| 08/08/2023 | ⚠️ | CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | Link |
| 25/07/2023 | ⚠️ | CVE-2023-39062 | Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 | Link |
| 02/10/2023 | ⚠️ | CVE-2023-38419 | Denial of Service of Big-IQ iControl SOAP daemon by an attacker with guest privileges | Link |
| 02/10/2023 | ⚠️ | CVE-2023-38138 | Reflected Cross-site Scripting in BIG-IP Configuration utility | Link |
| 13/06/2023 | ⚠️ | CVE-2023-35840 | elFinder < 2.1.62 – Path Traversal vulnerability in PHP LocalVolumeDriver connector | Link |
| 20/03/2023 | ⚠️ | CVE-2023-1478 | Hummingbird < 3.4.2 – Unauthenticated Path Traversal | Link |
| 16/03/2023 | ⚠️ | CVE-2023-28530 | IBM Cognos Analytics – Stored cross-site scripting caused by improper validation of SVG Files in Custom Visualizations | Link |
| 18/10/2022 | ⚠️ | CVE-2022-40746 | OwnCloud URL spoofing in password reset mail | Link |
| 16/09/2022 | ⚠️ | CVE-2022-40746 | IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system | Link |
| 25/07/2022 | ⚠️ | CVE-2022-36433 | Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 | Link |
| 25/07/2022 | ⚠️ | CVE-2022-36432 | Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | ⚠️ | CVE-2022-35501 | Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | ⚠️ | CVE-2022-35500 | Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | ⚠️ | CVE-2022-35642 | IBM InfoSphere Information Server is vulnerable to stored cross-site scripting | Link |
| 12/05/2022 | ⚠️ | CVE-2022-30615 | IBM InfoSphere Information Server is vulnerable to cross-site scripting | Link |
| 28/06/2021 | ⚠️ | CVE-2021-34254 | Open Redirection (OurUmbraco) | Link |
| 16/06/2021 | ⚠️ | CVE-2021-3584 | Server-side remote code execution (Foreman) | Link |
| 08/06/2021 | ⚠️ | CVE-2021-1675 | Windows Print Spooler Elevation of Privilege Vulnerability | Link |
| 07/06/2021 | ⚠️ | CVE-2021-24378 | Authenticated Stored XSS (Autoptimize) | Link |
| 07/06/2021 | ⚠️ | CVE-2021-24377 | Race Condition leading to RCE (Autoptimize) | Link |
| 07/06/2021 | ⚠️ | CVE-2021-24376 | Arbitrary File Upload (Autoptimize) | Link |
| 13/05/2021 | ⚠️ | CVE-2021-21559 | Dell EMC NetWorker Security Update for Multiple Vulnerabilities | Link |
| 13/05/2021 | ⚠️ | CVE-2021-21558 | Dell EMC NetWorker Security Update for Multiple Vulnerabilities | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25130 | SQL Injection (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25131 | Cross-Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25132 | SQL Injection (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25133 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25134 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25135 | Cross-Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25136 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25137 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25138 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25139 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25140 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25141 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25142 | Cross Site Request Forgery (CSRF) (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25143 | SQL Injection (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25144 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25145 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25146 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25147 | SQL Injection (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25148 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25149 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 03/09/2020 | ⚠️ | CVE-2020-25102 | Cross-Site Scripting (SilverStripe Advanced Reports Module) | Link |
| 26/08/2020 | ⚠️ | CVE-2020-5920 | F5 BIG-IP AFM SQL Injection | Link |
| 11/08/2020 | ⚠️ | CVE-2020-1569 | Microsoft Edge Memory Corruption | Link |
| 17/07/2020 | ⚠️ | CVE-2020-15596 | Touchpad driver DLL Hijacking | Link |
| 29/05/2020 | ⚠️ | CVE-2020-13700 | wp plugin acf-to-rest-api Insecure direct object reference via permalinks manipulation | Link |
| 25/05/2020 | ⚠️ | CVE-2020-13484 | Bitrix CRM unauthenticated server side request forgery | Link |
| 25/05/2020 | ⚠️ | CVE-2020-13483 | Bitrix CRM XSS / WAF bypass | Link |
| 24/05/2020 | ⚠️ | CVE-2020-13443 | ExpressionEngine Remote Command Execution via unrestricted file upload | Link |
| 21/04/2020 | ⚠️ | CVE-2020-11976 | Apache Wicket Directory traversal due to guard protection bypass – read wicket markup file source | Link |
| 13/01/2020 | ⚠️ | CVE-2020-6856 | JOC Cockpit, Jobscheduler, XML External Entity | Link |
| 13/01/2020 | ⚠️ | CVE-2020-6855 | JOC Cockpit, Jobscheduler, Denial of Service | Link |
| 13/01/2020 | ⚠️ | CVE-2020-6854 | JOC Cockpit, Jobscheduler, Multiple Stored Cross Site Scripting | Link |
| 20/11/2019 | ⚠️ | CVE-2019-19129 | Afterlogic WebMail Pro 8.3.11 Remote Stored XSS via an attachment name. | Link |
| 05/08/2019 | ⚠️ | CVE-2019-14521 | Arbitrary File Upload leading to RCE (Energy Logserver) | Link |
| 17/07/2019 | ⚠️ | CVE-2020-5907 | TMOS Shell privilege escalation vulnerability | Link |
| 26/03/2019 | ⚠️ | CVE-2019-10070 | Apache Atlas, Stored Cross Site Scripting | Link |
Trust us and leave your contact details. Our team will contact you to discuss the details and prepare a tailor-made offer for you. Full discretion and confidentiality of your data are guaranteed.
Leave your e-mail and get updates from us directly to your mailbox.
Enter an e-mail address used for signing up for the Premium resources
