KoreLogic
Products
4- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-5099 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2025 | An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | ||
| CVE-2024-6891 | Hig | 0.57 | 8.8 | 0.01 | Aug 8, 2024 | Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. | ||
| CVE-2024-6707 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2024 | Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. | ||
| CVE-2025-5100 | Hig | 0.52 | 8.0 | 0.00 | May 23, 2025 | A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | ||
| CVE-2024-6893 | Hig | 0.51 | 7.5 | 0.33 | Aug 8, 2024 | The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. | ||
| CVE-2025-54766 | Med | 0.35 | 5.3 | 0.07 | Jul 29, 2025 | An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information. | ||
| CVE-2025-54765 | Med | 0.35 | 5.3 | 0.07 | Jul 29, 2025 | An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the… |
- risk 0.64cvss 9.8epss 0.01
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
- risk 0.57cvss 8.8epss 0.01
Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.
- risk 0.57cvss 8.8epss 0.01
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
- risk 0.52cvss 8.0epss 0.00
A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
- risk 0.51cvss 7.5epss 0.33
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
- risk 0.35cvss 5.3epss 0.07
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.
- risk 0.35cvss 5.3epss 0.07
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the…