VYPR
Vendor: Akamai

Products: 13
CVEs: 19
Across products: 20
Status: Private

Recent CVEs (19)
  • CVE-2016-10157 | Critical | Jan 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code…

  • CVE-2025-24527 | High | Jan 29, 2025
    risk 0.52 | cvss 8.0 | epss 0.00

    An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector.

  • CVE-2025-53841 | High | Dec 3, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    The GC-AGENTS-SERVICE running as part of Akamai's Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a…

  • CVE-2026-34354 | High | May 8, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU…

  • CVE-2025-52491 | Medium | Jun 30, 2025
    risk 0.38 | cvss 5.8 | epss 0.00

    Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.

  • CVE-2025-49493 | Medium | Jun 30, 2025
    risk 0.38 | cvss 5.8 | epss 0.03

    Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.

  • CVE-2025-30143 | Medium | Mar 17, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties.

  • CVE-2025-54568 | Low | Jul 25, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node.

  • CVE-2008-1770 | Jun 4, 2008
    risk 0.04 | cvss - | epss 0.10

    CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.

  • CVE-2007-6339 | May 1, 2008
    risk 0.01 | cvss - | epss 0.11

    The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."

  • CVE-2025-66373 | Dec 4, 2025
    risk 0.00 | cvss - | epss 0.00

    Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk…

  • CVE-2024-45164 | Nov 4, 2024
    risk 0.00 | cvss - | epss 0.00

    Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert…

  • CVE-2024-3930 | Jul 30, 2024
    risk 0.00 | cvss - | epss 0.00

    In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.

  • CVE-2024-5250 | Jul 30, 2024
    risk 0.00 | cvss - | epss 0.00

    In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations.

  • CVE-2024-5249 | Jul 30, 2024
    risk 0.00 | cvss - | epss 0.00

    In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.

  • CVE-2021-40683 | Oct 4, 2021
    risk 0.00 | cvss - | epss 0.00

    In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.

  • CVE-2019-18847 | Aug 26, 2020
    risk 0.00 | cvss - | epss 0.02

    Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1.

  • CVE-2019-11011 | Jun 21, 2019
    risk 0.00 | cvss - | epss 0.03

    Akamai CloudTest before 58.30 allows remote code execution.

  • CVE-2009-2582 | Jul 23, 2009
    risk 0.00 | cvss - | epss 0.03

    Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and…