Export limit exceeded: 362457 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55721 1 Stonefly 2 Storage Concentrator, Storage Concentrator Virtual Machine 2026-07-06 9.3 Critical
Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.
CVE-2026-56415 1 Stonefly 2 Storage Concentrator, Storage Concentrator Virtual Machine 2026-07-06 10 Critical
Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system.
CVE-2026-56413 1 Stonefly 2 Storage Concentrator, Storage Concentrator Virtual Machine 2026-07-06 10 Critical
Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.
CVE-2026-50110 1 Stonefly 2 Storage Concentrator, Storage Concentrator Virtual Machine 2026-07-06 9.2 Critical
Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.