Aggregates CVE and security vulnerability intelligence across all soliton-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling, vendor risk denial of service, and vendor risk command injection; exposure may include vendor impact file overwrite in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-27653 | The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges. | [email protected] | 5.4 | 0.01% | 2026-02-27 | 2026-03-17 |
| CVE-2026-25108 KEV | FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | [email protected] | 8.7 | 8.37% | 2026-02-13 | 2026-02-24 |
| CVE-2023-39341 | "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Saf | [email protected] | 3.3 | 0.03% | 2023-08-09 | 2024-11-21 |
| CVE-2021-20655 | FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | [email protected] | 7.2 | 3.43% | 2021-02-17 | 2024-11-21 |
| CVE-2020-5639 | Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed. | [email protected] | 9.8 | 9.21% | 2020-12-14 | 2024-11-21 |
| CVE-2018-0694 | FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | [email protected] | 9.8 | 2.74% | 2018-11-15 | 2024-11-21 |
| CVE-2018-0693 | Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | [email protected] | 7.5 | 0.51% | 2018-11-15 | 2024-11-21 |