Skip to main content

Arc

3 CVEs product

Monthly

CVE-2025-40896 MEDIUM This Month

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. [CVSS 6.5 MEDIUM]

Authentication Bypass Arc
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-52928 CRITICAL Act Now

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.

Microsoft Authentication Bypass Arc Windows
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2023-24243 HIGH POC This Week

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Arc
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. [CVSS 6.5 MEDIUM]

Authentication Bypass Arc
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.

Microsoft Authentication Bypass Arc +1
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Arc
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy