Vendor CVEs
Airmagnet
All CVEs
31 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25076 | | High | 0.47 | 7.3 | 0.00 | | Mar 13, 2026 | Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore… |
| CVE-2020-8778 | | | 0.03 | — | 0.03 | | Mar 2, 2020 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. |
| CVE-2020-8777 | | | 0.03 | — | 0.03 | | Mar 2, 2020 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. |
| CVE-2020-8776 | | | 0.03 | — | 0.03 | | Mar 2, 2020 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. |
| CVE-2019-7273 | | | 0.03 | — | 0.04 | | Jul 1, 2019 | Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). |
| CVE-2020-37100 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations… |
| CVE-2025-59900 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… |
| CVE-2025-59897 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… |
| CVE-2025-59896 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… |
| CVE-2025-59895 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could… |
| CVE-2025-59894 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… |
| CVE-2025-59892 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… |
| CVE-2025-59891 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… |
| CVE-2025-64030 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling… |
| CVE-2025-27223 | | | 0.00 | — | 0.02 | | Oct 27, 2025 | TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies… |
| CVE-2021-41588 | | | 0.00 | — | 0.01 | | Sep 24, 2021 | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. |
| CVE-2020-13540 | | | 0.00 | — | 0.01 | | Jan 5, 2021 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to… |
| CVE-2020-13539 | | | 0.00 | — | 0.01 | | Jan 5, 2021 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could… |
| CVE-2019-11783 | | | 0.00 | — | 0.01 | | Dec 22, 2020 | Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited. |
| CVE-2019-11782 | | | 0.00 | — | 0.01 | | Dec 22, 2020 | Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation. |
| CVE-2018-15645 | | | 0.00 | — | 0.01 | | Dec 22, 2020 | Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. |
| CVE-2018-15634 | | | 0.00 | — | 0.01 | | Dec 22, 2020 | Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. |
| CVE-2020-15770 | | | 0.00 | — | 0.00 | | Sep 18, 2020 | An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins. |
| CVE-2018-14860 | | | 0.00 | — | 0.02 | | Jul 3, 2019 | Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. |
| CVE-2019-7278 | | | 0.00 | — | 0.02 | | Jul 1, 2019 | Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. |
| CVE-2019-11488 | | | 0.00 | — | 0.02 | | Apr 25, 2019 | Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from… |
| CVE-2019-11402 | | | 0.00 | — | 0.01 | | Apr 21, 2019 | In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. |
| CVE-2006-6291 | | | 0.00 | — | 0.03 | | Dec 5, 2006 | Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument… |
| CVE-2006-5742 | | | 0.00 | — | 0.01 | | Nov 6, 2006 | The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application… |
| CVE-2006-5746 | | | 0.00 | — | 0.01 | | Nov 6, 2006 | The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates. |
| CVE-2006-5741 | | | 0.00 | — | 0.01 | | Nov 6, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the… |