This page lists publicly disclosed CVE vulnerabilities affecting bigantsoft bigant_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-0364 | BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution. | [email protected] | 9.8 | 1.78% | 2025-02-04 | 2025-09-29 |
| CVE-2022-26281 | BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. | [email protected] | 7.5 | 1.04% | 2022-04-05 | 2024-11-21 |
| CVE-2022-23352 | An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). | [email protected] | 7.5 | 2.01% | 2022-03-21 | 2024-11-21 |
| CVE-2022-23350 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. | [email protected] | 5.4 | 0.79% | 2022-03-21 | 2024-11-21 |
| CVE-2022-23349 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). | [email protected] | 8.8 | 0.71% | 2022-03-21 | 2024-11-21 |
| CVE-2022-23348 | BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | [email protected] | 5.3 | 3.38% | 2022-03-21 | 2024-11-21 |
| CVE-2022-23347 | BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. | [email protected] | 7.5 | 13.12% | 2022-03-21 | 2024-11-21 |
| CVE-2022-23346 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | [email protected] | 8.8 | 1.62% | 2022-03-21 | 2024-11-21 |
| CVE-2022-23345 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. | [email protected] | 7.5 | 1.74% | 2022-03-21 | 2024-11-21 |
| CVE-2009-4661 | Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item. | [email protected] | 4.3 | 2.10% | 2010-03-03 | 2026-04-29 |