Copeland
Products
3- 3 CVEs
- 3 CVEs
- 3 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25109 | Hig | 0.52 | 8.0 | 0.02 | Feb 27, 2026 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route. | ||
| CVE-2026-20910 | Hig | 0.52 | 8.0 | 0.01 | Feb 27, 2026 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update action to achieve remote code… | ||
| CVE-2026-20797 | Med | 0.28 | 4.3 | 0.01 | Feb 27, 2026 | A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program. | ||
| CVE-2026-21718 | 0.00 | — | 0.00 | Feb 27, 2026 | An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system. | |||
| CVE-2026-25085 | 0.00 | — | 0.00 | Feb 27, 2026 | A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass. |
- risk 0.52cvss 8.0epss 0.02
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route.
- risk 0.52cvss 8.0epss 0.01
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update action to achieve remote code…
- risk 0.28cvss 4.3epss 0.01
A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.
- CVE-2026-21718Feb 27, 2026risk 0.00cvss —epss 0.00
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.
- CVE-2026-25085Feb 27, 2026risk 0.00cvss —epss 0.00
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.