Every CVE whose affected-product data names Navarino Infinity, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2018-5384 — CVSS 9.8 (critical): Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully…
CVE-2018-5385 — CVSS 8.8 (high): Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing…
CVE-2018-5386 — CVSS 7.5 (high): Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information…