algosec 漏洞与 CVE 列表(8)

产品(CPE): — CVE 数: 8

algosec 漏洞概览

汇总 algosec 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 跨站脚本与路径处理缺陷,在 生产负载与软件部署 使用场景中可能带来 会话劫持与文件覆盖 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 188 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-12381 Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file.  This issue affects Firewall Analyzer: A33.0, A33.10. [email protected] 6.1 0.14% 2025-12-09 2026-06-17
CVE-2025-12382 Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210). [email protected] 7.3 0.43% 2025-11-12 2026-06-17
CVE-2023-46596 Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above) [email protected] 5.1 0.28% 2024-02-15 2026-06-17
CVE-2023-46595 Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above) [email protected] 5.9 0.30% 2023-11-02 2026-06-17
CVE-2022-36783 AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user. [email protected] 6.5 0.35% 2022-10-25 2026-06-17
CVE-2014-4164 Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html. [email protected] 4.3 0.99% 2014-06-16 2026-06-16
CVE-2013-7318 Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. [email protected] 4.3 0.98% 2014-01-29 2026-06-16
CVE-2013-5092 Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. [email protected] 4.3 3.25% 2014-01-29 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence