Airmagnet

All CVEs

31 total · sorted by risk
  • CVE-2026-25076 · High · Mar 13, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore…

  • CVE-2020-8778 · Mar 2, 2020
    risk 0.03 · cvss n/a · epss 0.03

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.

  • CVE-2020-8777 · Mar 2, 2020
    risk 0.03 · cvss n/a · epss 0.03

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.

  • CVE-2020-8776 · Mar 2, 2020
    risk 0.03 · cvss n/a · epss 0.03

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.

  • CVE-2019-7273 · Jul 1, 2019
    risk 0.03 · cvss n/a · epss 0.04

    Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).

  • CVE-2020-37100 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations…

  • CVE-2025-59900 · Jan 28, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59897 · Jan 28, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59896 · Jan 28, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59895 · Jan 28, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could…

  • CVE-2025-59894 · Jan 28, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59892 · Jan 28, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59891 · Jan 28, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-64030 · Dec 1, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling…

  • CVE-2025-27223 · Oct 27, 2025
    risk 0.00 · cvss n/a · epss 0.02

    TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies…

  • CVE-2021-41588 · Sep 24, 2021
    risk 0.00 · cvss n/a · epss 0.01

    In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.

  • CVE-2020-13540 · Jan 5, 2021
    risk 0.00 · cvss n/a · epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to…

  • CVE-2020-13539 · Jan 5, 2021
    risk 0.00 · cvss n/a · epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could…

  • CVE-2019-11783 · Dec 22, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.

  • CVE-2019-11782 · Dec 22, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation.

  • CVE-2018-15645 · Dec 22, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation.

  • CVE-2018-15634 · Dec 22, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.

  • CVE-2020-15770 · Sep 18, 2020
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.

  • CVE-2018-14860 · Jul 3, 2019
    risk 0.00 · cvss n/a · epss 0.02

    Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.

  • CVE-2019-7278 · Jul 1, 2019
    risk 0.00 · cvss n/a · epss 0.02

    Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service.

  • CVE-2019-11488 · Apr 25, 2019
    risk 0.00 · cvss n/a · epss 0.02

    Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from…

  • CVE-2019-11402 · Apr 21, 2019
    risk 0.00 · cvss n/a · epss 0.01

    In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.

  • CVE-2006-6291 · Dec 5, 2006
    risk 0.00 · cvss n/a · epss 0.03

    Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument…

  • CVE-2006-5742 · Nov 6, 2006
    risk 0.00 · cvss n/a · epss 0.01

    The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application…

  • CVE-2006-5746 · Nov 6, 2006
    risk 0.00 · cvss n/a · epss 0.01

    The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates.

  • CVE-2006-5741 · Nov 6, 2006
    risk 0.00 · cvss n/a · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the…