Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54834 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2026-01-23 | N/A | 5.3 MEDIUM |
| OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place. | |||||
| CVE-2025-54833 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2026-01-23 | N/A | 5.3 MEDIUM |
| OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords. | |||||
| CVE-2025-54832 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2026-01-23 | N/A | 4.3 MEDIUM |
| OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories. | |||||
| CVE-2024-53553 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2025-10-29 | N/A | 9.1 CRITICAL |
| An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests. | |||||
| CVE-2025-58462 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2025-09-26 | N/A | 9.8 CRITICAL |
| OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database. | |||||