Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14902 1 Ivanti 1 Xtraction 2026-07-16 4 Medium
An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated attacker to redirect users to arbitrary external URLs.
CVE-2026-14903 1 Ivanti 1 Xtraction 2026-07-16 7.7 High
Path traversal in Ivanti  Xtraction before version 2026.2.1 allows a remote authenticated attacker to read arbitrary files outside the web root.
CVE-2026-8043 1 Ivanti 1 Xtraction 2026-05-13 9.6 Critical
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.