Skip to main content

Lexicom

4 CVEs product

Monthly

CVE-2024-55956 CRITICAL POC KEV THREAT Emergency

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Harmony Lexicom Vltrader
NVD
CVSS 3.1
9.8
EPSS
93.8%
CVE-2024-50623 CRITICAL POC KEV THREAT Act Now

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Harmony Lexicom Vltrader
NVD
CVSS 3.1
9.8
EPSS
98.5%
CVE-2021-33577 MEDIUM POC This Month

An issue was discovered in Cleo LexiCom 5.5.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lexicom
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-33576 CRITICAL POC Act Now

An issue was discovered in Cleo LexiCom 5.5.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lexicom
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
EPSS 94% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Harmony Lexicom +1
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Harmony +2
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An issue was discovered in Cleo LexiCom 5.5.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lexicom
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Cleo LexiCom 5.5.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lexicom
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy