CVE-2025-35940
- EPSS 0.09%
- Veröffentlicht 10.06.2025 20:27:51
- Zuletzt bearbeitet 12.06.2025 16:06:29
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
CVE-2024-11947
- EPSS 2.22%
- Veröffentlicht 12.12.2024 01:40:21
- Zuletzt bearbeitet 13.12.2024 19:33:07
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit thi...
CVE-2024-11948
- EPSS 1.16%
- Veröffentlicht 12.12.2024 01:40:21
- Zuletzt bearbeitet 13.12.2024 19:32:21
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specif...
CVE-2024-11949
- EPSS 2.22%
- Veröffentlicht 12.12.2024 01:40:21
- Zuletzt bearbeitet 13.12.2024 19:28:30
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit th...
CVE-2021-29281
- EPSS 0.52%
- Veröffentlicht 07.07.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 06:00:55
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.