Every CVE whose affected-product data names Atlassian Agiloft, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-35115 — CVSS 8.1 (high): Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could…
CVE-2025-35114 — CVSS 7.5 (high): Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is…
CVE-2025-35113 — CVSS 5.9 (medium): Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to…
CVE-2025-35112 — CVSS 4.1 (medium): Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated…