Vendor CVEs

Absolute

All CVEs

52 total · sorted by risk
  • CVE-2026-33447 · Cri · Apr 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial…

  • CVE-2026-33446 · Cri · Apr 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a…

  • CVE-2018-16715 · Hig · Sep 8, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program…

  • CVE-2024-40872 · Hig · Jul 25, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the…

  • CVE-2026-33451 · Hig · Apr 30, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

  • CVE-2026-33449 · Hig · Apr 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a …

  • CVE-2009-5151 · Med · May 11, 2018
    risk 0.44 · cvss 6.7 · epss 0.01

    The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of…

  • CVE-2009-5150 · Med · May 11, 2018
    risk 0.44 · cvss 6.7 · epss 0.01

    Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space.…

  • CVE-2026-40950 · Med · Apr 30, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service.

  • CVE-2025-54603 · Med · Oct 14, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users.

  • CVE-2024-40875 · Med · Dec 20, 2024
    risk 0.38 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second…

  • CVE-2026-40951 · Med · Apr 30, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.

  • CVE-2026-33452 · Med · Apr 30, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.

  • CVE-2026-33450 · Med · Apr 30, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    CVE-2026-33450 is an out-of-bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client, causing a denial of service.

  • CVE-2025-27705 · Med · Mar 19, 2025
    risk 0.36 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the…

  • CVE-2025-27704 · Med · Mar 19, 2025
    risk 0.36 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the…

  • CVE-2026-40949 · Med · Apr 30, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service.

  • CVE-2009-5152 · Med · May 11, 2018
    risk 0.27 · cvss 4.1 · epss 0.00

    Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default…

  • CVE-2026-33448 · Low · Apr 30, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing…

  • CVE-2007-6268 · Dec 7, 2007
    risk 0.04 · cvss · epss 0.08

    Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

  • CVE-2008-6858 · Jul 14, 2009
    risk 0.03 · cvss · epss 0.03

    Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2026-0519 · Jan 17, 2026
    risk 0.00 · cvss · epss 0.00

    In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.

  • CVE-2026-0518 · Jan 17, 2026
    risk 0.00 · cvss · epss 0.00

    CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console.

  • CVE-2026-0517 · Jan 17, 2026
    risk 0.00 · cvss · epss 0.00

    CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can send a specially crafted packet to a server and cause the server to crash.

  • CVE-2025-59596 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client…

  • CVE-2025-59595 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. An attacker can send a specially crafted packet to a server in a non-default configuration and cause the server to crash.

  • CVE-2025-54089 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-54089 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack…

  • CVE-2025-54088 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must…

  • CVE-2025-54087 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack…

  • CVE-2025-54086 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the…

  • CVE-2025-49082 · Jul 30, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other…

  • CVE-2025-54085 · Jul 30, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change…

  • CVE-2025-49084 · Jul 30, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without the requisite permissions. The attack complexity is low, attack requirements are present,…

  • CVE-2025-49083 · Jul 30, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after version 12.00 and prior to version 13.56. Attackers with administrative access to the console can cause unsafe content to be deserialized and executed in the security context of the…

  • CVE-2025-49081 · Jun 12, 2025
    risk 0.00 · cvss · epss 0.00

    There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data…

  • CVE-2025-49080 · Jun 12, 2025
    risk 0.00 · cvss · epss 0.00

    There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are…

  • CVE-2025-27706 · May 28, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second…

  • CVE-2025-27703 · May 28, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access…

  • CVE-2025-27702 · May 28, 2025
    risk 0.00 · cvss · epss 0.00

    CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify…

  • CVE-2024-6364 · May 13, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate this vulnerability,…

  • CVE-2024-40873 · Jul 25, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the…

  • CVE-2024-37352 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator…

  • CVE-2024-37351 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrators’ use of the management UI when the second administrator later…

  • CVE-2024-37350 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a…

  • CVE-2024-37349 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrators’ use of the management UI when the victim administrator edits the…

  • CVE-2024-37348 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later…

  • CVE-2024-37347 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is…

  • CVE-2024-37346 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid…

  • CVE-2024-37345 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. The scope is…

  • CVE-2024-37344 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators…
