Rejetto Hfs

4 CVEs affecting Rejetto Hfs. Latest disclosed: 2026-07-13. Critical: 0, High: 0.

Top CVEs affecting Rejetto Hfs
CVESeverityScorePublishedSummary
CVE-2026-61504Medium5.42026-07-13Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basi…
CVE-2026-61505Medium5.32026-07-13Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files…
CVE-2026-61503Medium5.32026-07-13Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote una…
CVE-2026-61502Medium4.32026-07-13Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and exempts GET requests from its anti-CSRF header check. A remote attac…