Bug Parade

The following security vulnerabilities were discovered by MOGWAI LABS and reported to the vendors or open-source projects.

Vulnerability Disclosure Policy.

IDName
MLSA-2026-001dormakaba evolo Service Remote Code Execution Critical
MLSA-2025-005PowerMaster+ Insecure Password Storage Medium
MLSA-2025-004PowerMaster+ Hidden System Account Critical
MLSA-2025-003PowerMaster+ Hardcoded JWT Keys Critical
MLSA-2025-002Generex RCCMDTray Remote OS Command Execution High
MLSA-2025-0014D Unauthenticated File Disclosure High
MLSA-2024-004Pentaho DI Authenticated Remote Code Execution High
MLSA-2024-003Visual Planning 8 Unauthenticated Remote Code Execution Critical
MLSA-2024-002DataHub GMS Privilege Escalation through User Signup High
MLSA-2024-001RaspberryMatic Unauthenticated Remote Code Execution Critical
MLSA-2023-004FusionAuth Unauthenticated Local File Disclosure High
MLSA-2023-003Keycloak Device Grant Spoofing Low
MLSA-2023-002mendelson AS2 Admin Service Unauthenticated Remote Code Execution High
MLSA-2023-001x2gowebrpc Unauthenticated OS Command Injection Critical
MLSA-2021-005XML External Entity (XXE) Injection in TwelveMonkeys ImageIO Medium
MLSA-2021-004Unauthenticated Remote Code Execution in Ajax.NET Professional Critical
MLSA-2021-003ZipSlip vulnerability in elfinder.NetCore High
MLSA-2021-002Path Traversal in elfinder.AspNet and elfinder.NetCore High
MLSA-2021-001ruby-mysql / Metasploit Arbitrary File Read Medium
MLSA-2020-001Cross Site Scripting (XSS) vulnerability in vis-timeline Low
MLSA-2018-001Privilege escalation in Oracle Identity Analytics High