Bug Parade

The following security vulnerabilities were discovered by MOGWAI LABS and reported to the vendors or open-source projects.

Vulnerability Disclosure Policy.

ID Name
MLSA-2024-004 Pentaho DI Authenticated Remote Code Execution High
MLSA-2024-003 Visual Planning 8 Unauthenticated Remote Code Execution Critical
MLSA-2024-002 DataHub GMS Privilege Escalation through User Signup High
MLSA-2024-001 RaspberryMatic Unauthenticated Remote Code Execution Critical
MLSA-2023-004 FusionAuth Unauthenticated Local File Disclosure High
MLSA-2023-003 Keycloak Device Grant Spoofing Low
MLSA-2023-002 mendelson AS2 Admin Service Unauthenticated Remote Code Execution High
MLSA-2023-001 x2gowebrpc Unauthenticated OS Command Injection Critical
MLSA-2021-005 XML External Entity (XXE) Injection in TwelveMonkeys ImageIO Medium
MLSA-2021-004 Unauthenticated Remote Code Execution in Ajax.NET Professional Critical
MLSA-2021-003 ZipSlip vulnerability in elfinder.NetCore High
MLSA-2021-002 Path Traversal in elfinder.AspNet and elfinder.NetCore High
MLSA-2021-001 ruby-mysql / Metasploit Arbitrary File Read Medium
MLSA-2020-001 Cross Site Scripting (XSS) vulnerability in vis-timeline Low
MLSA-2018-001 Privilege escalation in Oracle Identity Analytics High