Hgiga
Products
6- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11900 | Cri | 0.64 | 9.8 | 0.00 | Oct 17, 2025 | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | ||
| CVE-2025-7451 | Cri | 0.64 | 9.8 | 0.01 | Jul 14, 2025 | The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately. | ||
| CVE-2026-2234 | Cri | 0.59 | 9.1 | 0.00 | Feb 9, 2026 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content. | ||
| CVE-2026-2236 | Hig | 0.49 | 7.5 | 0.00 | Feb 9, 2026 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||
| CVE-2026-2235 | Med | 0.42 | 6.5 | 0.00 | Feb 9, 2026 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||
| CVE-2021-37913 | 0.01 | — | 0.08 | Sep 15, 2021 | The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in. | |||
| CVE-2021-37912 | 0.01 | — | 0.08 | Sep 15, 2021 | The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in. | |||
| CVE-2024-26261 | 0.00 | — | 0.00 | Feb 15, 2024 | The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded. | |||
| CVE-2024-26260 | 0.00 | — | 0.03 | Feb 15, 2024 | The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission. | |||
| CVE-2022-38118 | 0.00 | — | 0.01 | Aug 30, 2022 | OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service. | |||
| CVE-2021-22851 | 0.00 | — | 0.00 | Jan 19, 2021 | HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data. | |||
| CVE-2021-22850 | 0.00 | — | 0.00 | Jan 19, 2021 | HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. |
- risk 0.64cvss 9.8epss 0.00
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
- risk 0.64cvss 9.8epss 0.01
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately.
- risk 0.59cvss 9.1epss 0.00
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.
- risk 0.49cvss 7.5epss 0.00
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
- risk 0.42cvss 6.5epss 0.00
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
- CVE-2021-37913Sep 15, 2021risk 0.01cvss —epss 0.08
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
- CVE-2021-37912Sep 15, 2021risk 0.01cvss —epss 0.08
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
- CVE-2024-26261Feb 15, 2024risk 0.00cvss —epss 0.00
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
- CVE-2024-26260Feb 15, 2024risk 0.00cvss —epss 0.03
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
- CVE-2022-38118Aug 30, 2022risk 0.00cvss —epss 0.01
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.
- CVE-2021-22851Jan 19, 2021risk 0.00cvss —epss 0.00
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
- CVE-2021-22850Jan 19, 2021risk 0.00cvss —epss 0.00
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.