Every CVE whose affected-product data names Tobesoft Nexacro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-7874 — CVSS 8.8 (high): Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to…
CVE-2021-26625 — CVSS 8.8 (high): Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This…
CVE-2021-26607 — CVSS 8.1 (high): An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected…
CVE-2021-26612 — CVSS 8.1 (high): An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use…
CVE-2021-26613 — CVSS 8.1 (high): improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method.
CVE-2019-19167 — CVSS 7.8 (high): Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14…