Rejetto Hfs
4 CVEs affecting Rejetto Hfs. Latest disclosed: 2026-07-13. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-61504 | Medium | 5.4 | 2026-07-13 | Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basi… |
CVE-2026-61505 | Medium | 5.3 | 2026-07-13 | Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files… |
CVE-2026-61503 | Medium | 5.3 | 2026-07-13 | Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote una… |
CVE-2026-61502 | Medium | 4.3 | 2026-07-13 | Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and exempts GET requests from its anti-CSRF header check. A remote attac… |