cbcvebase.

Orionsec Orion-Ops vulnerabilities

3 known vulnerabilities affecting orionsec/orion-ops.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-13808P2HIGHCVSS 8.8≤ 2025-08-01v5925824997a3109651bbde07460958a7be249ed12025-12-01
CVE-2025-13808 [HIGH] CWE-266 CVE-2025-13808: A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This manipulation of the argument ID causes improper authorization.
nvd
CVE-2025-13809P3MEDIUMCVSS 6.5≤ 2025-08-01v5925824997a3109651bbde07460958a7be249ed12025-12-01
CVE-2025-13809 [MEDIUM] CWE-918 CVE-2025-13809: A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/u
nvd
CVE-2025-13807P4MEDIUMCVSS 4.3≤ 2025-08-01v5925824997a3109651bbde07460958a7be249ed12025-12-01
CVE-2025-13807 [MEDIUM] CWE-266 CVE-2025-13807: A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. A A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation results in improper authorization. The attack can be execute
nvd
Orionsec Orion-Ops vulnerabilities | cvebase