MOGWAI LABS MOGWAI LABS Logo as icon
  • penetration tests assessments trainings
  • blog Bug Parade
  • careers
  • contact
  • DE
  • penetration tests assessments trainings
  • blog Bug Parade
  • careers
  • contact
  • DE

Bug Parade

The following security vulnerabilities were discovered by MOGWAI LABS and reported to the vendors or open-source projects.

Vulnerability Disclosure Policy.

IDName
MLSA-2024-004Pentaho DI Authenticated Remote Code Execution High
MLSA-2024-003Visual Planning 8 Unauthenticated Remote Code Execution Critical
MLSA-2024-002DataHub GMS Privilege Escalation through User Signup High
MLSA-2024-001RaspberryMatic Unauthenticated Remote Code Execution Critical
MLSA-2023-004FusionAuth Unauthenticated Local File Disclosure High
MLSA-2023-003Keycloak Device Grant Spoofing Low
MLSA-2023-002mendelson AS2 Admin Service Unauthenticated Remote Code Execution High
MLSA-2023-001x2gowebrpc Unauthenticated OS Command Injection Critical
MLSA-2021-005XML External Entity (XXE) Injection in TwelveMonkeys ImageIO Medium
MLSA-2021-004Unauthenticated Remote Code Execution in Ajax.NET Professional Critical
MLSA-2021-003ZipSlip vulnerability in elfinder.NetCore High
MLSA-2021-002Path Traversal in elfinder.AspNet and elfinder.NetCore High
MLSA-2021-001ruby-mysql / Metasploit Arbitrary File Read Medium
MLSA-2020-001Cross Site Scripting (XSS) vulnerability in vis-timeline Low
MLSA-2018-001Privilege escalation in Oracle Identity Analytics High

Footer

Contact

If you would like to know more about us or our services, feel free to contact us.

Contact form

Address

MOGWAI LABS GmbH
Am Steg 3
89231 Neu-Ulm
Germany

Imprint - Legal Notice

  • Legal Statement
  • Privacy Policy
Github LinkedIn LinkedIn Mastodon RSS (blog posts)

© 2025 MOGWAI LABS GmbH. All rights reserved.