VYPR
Vendor

AxxonSoft

Products
5
CVEs
9
Across products
12
Status
Private

Products

5

Recent CVEs

9
  • CVE-2018-7467HigFeb 27, 2018
    risk 0.50cvss 7.5epss 0.11

    AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.

  • CVE-2025-10227Sep 10, 2025
    risk 0.00cvss epss 0.00

    Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via…

  • CVE-2025-10226Sep 10, 2025
    risk 0.00cvss epss 0.01

    Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of…

  • CVE-2025-10225Sep 10, 2025
    risk 0.00cvss epss 0.00

    Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable…

  • CVE-2025-10224Sep 10, 2025
    risk 0.00cvss epss 0.00

    Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login.

  • CVE-2025-10223Sep 10, 2025
    risk 0.00cvss epss 0.00

    Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural…

  • CVE-2025-10222Sep 10, 2025
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS (C-Werk) 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and…

  • CVE-2025-10221Sep 10, 2025
    risk 0.00cvss epss 0.00

    Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized…

  • CVE-2025-10220Sep 10, 2025
    risk 0.00cvss epss 0.01

    Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages…