Vendor CVEs

Thales

All CVEs

37 total · sorted by risk
  • CVE-2023-31223 · High · Apr 25, 2023
    risk 0.57 · cvss 8.7 · epss 0.01

    Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.

  • CVE-2023-26097 · High · Apr 24, 2023
    risk 0.55 · cvss 8.4 · epss 0.00

    An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked.

  • CVE-2023-26098 · High · Apr 25, 2023
    risk 0.53 · cvss 8.2 · epss 0.00

    An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.

  • CVE-2024-0197 · High · Feb 27, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.

  • CVE-2023-7016 · High · Feb 27, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.

  • CVE-2023-5993 · High · Feb 27, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access.

  • CVE-2023-51711 · High · Jan 24, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.

  • CVE-2022-34909 · High · Feb 27, 2023
    risk 0.50 · cvss 7.7 · epss 0.00

    An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.

  • CVE-2021-38616 · High · Sep 7, 2021
    risk 0.50 · cvss 7.6 · epss 0.01

    In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.

  • CVE-2026-6805 · High · May 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with that sharing link.

  • CVE-2021-38618 · High · Oct 4, 2021
    risk 0.48 · cvss 7.4 · epss 0.01

    In GFOS Workforce Management 4.8.272.1, the login page of the application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.

  • CVE-2021-42138 · High · Dec 20, 2021
    risk 0.47 · cvss 7.2 · epss 0.01

    A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.

  • CVE-2018-18466 · High · Mar 21, 2019
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this…

  • CVE-2021-42056 · Medium · Jun 24, 2022
    risk 0.44 · cvss 6.7 · epss 0.01

    Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high…

  • CVE-2015-1878 · Medium · Aug 18, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device…

  • CVE-2021-42809 · Medium · Dec 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.

  • CVE-2021-42808 · Medium · Dec 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.

  • CVE-2021-28979 · Medium · Jun 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked.

  • CVE-2020-28406 · Medium · Jan 29, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.

  • CVE-2020-28401 · Medium · Jan 29, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.

  • CVE-2023-35791 · Medium · Jul 31, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.

  • CVE-2018-10208 · Medium · Apr 25, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI.

  • CVE-2024-5264 · Medium · May 23, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis.

  • CVE-2023-2737 · Medium · Aug 16, 2023
    risk 0.37 · cvss 5.7 · epss 0.00

    Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.

  • CVE-2022-1293 · Medium · Aug 2, 2022
    risk 0.37 · cvss 5.7 · epss 0.00

    The embedded neutralization of script-related HTML tags was bypassed under some extra conditions.

  • CVE-2021-42111 · Medium · Nov 10, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The iOS app version 1.4.1631262629 resolves this issue by storing a hashed PIN code.

  • CVE-2023-35792 · Medium · Jul 31, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).

  • CVE-2022-30332 · Medium · Jan 10, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via…

  • CVE-2022-37028 · Medium · Sep 27, 2022
    risk 0.35 · cvss 5.4 · epss 0.00

    ISAMS 22.2.3.2 is prone to a stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application.

  • CVE-2020-28402 · Medium · Jan 29, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Launcher Configuration Panel.

  • CVE-2018-10212 · Medium · Apr 25, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.

  • CVE-2018-10209 · Medium · Apr 25, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name.

  • CVE-2018-10207 · Medium · Apr 25, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.

  • CVE-2023-26099 · Medium · Apr 24, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure.

  • CVE-2021-42811 · Low · Jun 10, 2022
    risk 0.21 · cvss 3.3 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed.

  • CVE-2026-0872 · Low · Feb 13, 2026
    risk 0.16 · cvss · epss 0.00

    Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation. This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.

  • CVE-2026-3457 · Mar 27, 2026
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS. This issue affects Sentinel LDK Runtime: before 10.22.