Research

This section showcases a select range of vulnerabilities identified by AFINE Team, made publicly available for the broader community. While the bulk of our findings are confined to client-specific engagements and remain undisclosed for security reasons, these published reports represent critical insights into commonly encountered security flaws.

| Date | CVE | Topic |
| --- | --- | --- |
| 14/02/2024 | CVE-2024-0010 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal |
| 07/02/2024 | CVE-2024-24816 | Cross-site scripting (XSS) in CKEditor4 samples with the preview feature enabled |
| 11/01/2024 | CVE-2023-5118 | Stored XSS in Kofax Capture software |
| 21/12/2023 | CVE-2023-4925 | Easy Forms for Mailchimp <= 6.8.10 – Admin+ Stored Cross-Site Scripting |
| 12/12/2023 | CVE-2023-45184 | Decryption key disclosure in IBM i Access Client Solutions due to improper authority checks |
| 12/12/2023 | CVE-2023-45182 | Possibility to decrypt password-encryption key in IBM i Access Client Solutions, allowing an attacker to obtain passwords to other systems |
| 12/12/2023 | CVE-2023-45185 | Remote Code Execution in IBM i Access Client Solutions |
| 12/12/2023 | CVE-2023-4932 | Reflected Cross-Site Scripting in SAS 9.4 |
| 06/11/2023 | CVE-2023-5958 | POST SMTP Mailer < 2.7.1 – Unauthenticated Cross-site Scripting |
| 06/11/2023 | CVE-2023-5209 | Bookly < 22.5 – Admin+ Stored XSS |
| 08/08/2023 | CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability |
| 25/07/2023 | CVE-2023-39062 | Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 |
| 02/10/2023 | CVE-2023-38419 | Denial of Service of BIG-IQ iControl SOAP daemon by an attacker with guest privileges |
| 02/10/2023 | CVE-2023-38138 | Reflected Cross-site Scripting in BIG-IP Configuration utility |
| 13/06/2023 | CVE-2023-35840 | elFinder < 2.1.62 – Path Traversal vulnerability in PHP LocalVolumeDriver connector |
| 20/03/2023 | CVE-2023-1478 | Hummingbird < 3.4.2 – Unauthenticated Path Traversal |
| 16/03/2023 | CVE-2023-28530 | IBM Cognos Analytics – Stored cross-site scripting caused by improper validation of SVG files in Custom Visualizations |
| 18/10/2022 | CVE-2022-40746 | OwnCloud URL spoofing in password reset mail |
| 16/09/2022 | CVE-2022-40746 | IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system |
| 25/07/2022 | CVE-2022-36433 | Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 |
| 25/07/2022 | CVE-2022-36432 | Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2 |
| 11/07/2022 | CVE-2022-35501 | Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 |
| 11/07/2022 | CVE-2022-35500 | Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2 |
| 11/07/2022 | CVE-2022-35642 | IBM InfoSphere Information Server is vulnerable to stored cross-site scripting |
| 12/05/2022 | CVE-2022-30615 | IBM InfoSphere Information Server is vulnerable to cross-site scripting |
| 28/06/2021 | CVE-2021-34254 | Open Redirection (OurUmbraco) |
| 16/06/2021 | CVE-2021-3584 | Server-side remote code execution (Foreman) |
| 08/06/2021 | CVE-2021-1675 | Windows Print Spooler Elevation of Privilege Vulnerability |
| 07/06/2021 | CVE-2021-24378 | Authenticated Stored XSS (Autoptimize) |
| 07/06/2021 | CVE-2021-24377 | Race Condition leading to RCE (Autoptimize) |
| 07/06/2021 | CVE-2021-24376 | Arbitrary File Upload (Autoptimize) |
| 13/05/2021 | CVE-2021-21559 | Dell EMC NetWorker Security Update for Multiple Vulnerabilities |
| 13/05/2021 | CVE-2021-21558 | Dell EMC NetWorker Security Update for Multiple Vulnerabilities |
| 25/09/2020 | CVE-2020-25130 | SQL Injection (Observium) |
| 25/09/2020 | CVE-2020-25131 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25132 | SQL Injection (Observium) |
| 25/09/2020 | CVE-2020-25133 | Authenticated Directory Traversal and Local File Inclusion (Observium) |
| 25/09/2020 | CVE-2020-25134 | Authenticated Directory Traversal and Local File Inclusion (Observium) |
| 25/09/2020 | CVE-2020-25135 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25136 | Authenticated Directory Traversal and Local File Inclusion (Observium) |
| 25/09/2020 | CVE-2020-25137 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25138 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25139 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25140 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25141 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25142 | Cross-Site Request Forgery (CSRF) (Observium) |
| 25/09/2020 | CVE-2020-25143 | SQL Injection (Observium) |
| 25/09/2020 | CVE-2020-25144 | Authenticated Directory Traversal and Local File Inclusion (Observium) |
| 25/09/2020 | CVE-2020-25145 | Authenticated Directory Traversal and Local File Inclusion (Observium) |
| 25/09/2020 | CVE-2020-25146 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25147 | SQL Injection (Observium) |
| 25/09/2020 | CVE-2020-25148 | Cross-Site Scripting (Observium) |
| 25/09/2020 | CVE-2020-25149 | Authenticated Directory Traversal and Local File Inclusion (Observium) |
| 03/09/2020 | CVE-2020-25102 | Cross-Site Scripting (SilverStripe Advanced Reports Module) |
| 26/08/2020 | CVE-2020-5920 | F5 BIG-IP AFM SQL Injection |
| 11/08/2020 | CVE-2020-1569 | Microsoft Edge Memory Corruption |
| 17/07/2020 | CVE-2020-15596 | Touchpad driver DLL Hijacking |
| 29/05/2020 | CVE-2020-13700 | WordPress plugin acf-to-rest-api: Insecure direct object reference via permalinks manipulation |
| 25/05/2020 | CVE-2020-13484 | Bitrix CRM unauthenticated server-side request forgery |
| 25/05/2020 | CVE-2020-13483 | Bitrix CRM XSS / WAF bypass |
| 24/05/2020 | CVE-2020-13443 | ExpressionEngine Remote Command Execution via unrestricted file upload |
| 21/04/2020 | CVE-2020-11976 | Apache Wicket directory traversal due to guard protection bypass – read Wicket markup file source |
| 13/01/2020 | CVE-2020-6856 | JOC Cockpit, JobScheduler, XML External Entity |
| 13/01/2020 | CVE-2020-6855 | JOC Cockpit, JobScheduler, Denial of Service |
| 13/01/2020 | CVE-2020-6854 | JOC Cockpit, JobScheduler, Multiple Stored Cross-Site Scripting |
| 20/11/2019 | CVE-2019-19129 | Afterlogic WebMail Pro 8.3.11 Remote Stored XSS via an attachment name |
| 05/08/2019 | CVE-2019-14521 | Arbitrary File Upload leading to RCE (Energy Logserver) |
| 17/07/2019 | CVE-2020-5907 | TMOS Shell privilege escalation vulnerability |
| 26/03/2019 | CVE-2019-10070 | Apache Atlas, Stored Cross-Site Scripting |
