Zenitel Alphacom Xe Audio Server vulnerabilities
2 known vulnerabilities affecting zenitel/alphacom_xe_audio_server.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-40845P2HIGHCVSS 8.8PoC≤ 11.2.3.102021-09-15
CVE-2021-40845 [HIGH] CWE-434 CVE-2021-40845: The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not res
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.
nvd
CVE-2025-59819P3MEDIUMCVSS 6.5v*2026-02-20
CVE-2025-59819 [MEDIUM] CWE-22 CVE-2025-59819: This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath p
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path.
nvd