Airbus CERT

3 exploits Active since Apr 2024
CVE-2024-4040 NOMISEC CRITICAL SCANNER
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
51 stars
CVSS 9.8
CVE-2025-24985 NOMISEC HIGH SCANNER
Windows Fast FAT Driver - Code Injection
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
2 stars
CVSS 7.8
CVE-2025-24799 NOMISEC HIGH SCANNER
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
CVSS 7.5