Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

aces — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting aces. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ACES primarily serves as an authentication and access control system, managing user permissions across enterprise environments. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with 11 CVEs documented. The system's complex permission logic has frequently led to access control flaws, while its web interface has been prone to injection attacks. Notable incidents include a 2022 privilege escalation flaw that allowed unauthorized administrative access, and multiple XSS vulnerabilities in its dashboard components. Despite these issues, ACES remains widely deployed due to its integration capabilities, though organizations should implement additional security controls to mitigate its historical weaknesses.

Top products by aces: Loris
CVE IDTitleCVSSSeverityPublished
CVE-2026-39985 LORIS has an open redirect field on login — LorisCWE-601 4.3 Medium2026-04-09
CVE-2026-35446 LORIS has a path traversal in FilesDownloadHandler — LorisCWE-552 7.7 High2026-04-08
CVE-2026-35403 LORIS has potential cross-site scripting in survey_accounts module — LorisCWE-79 6.5 Medium2026-04-08
CVE-2026-35400 LORIS incorrectly trusts user input in publication module — LorisCWE-59 3.5 Low2026-04-08
CVE-2026-35169 LORIS has potential cross-site scripting in help_editor module — LorisCWE-79 8.7 High2026-04-08
CVE-2026-35165 LORIS has incorrect access checks in document_repository — LorisCWE-639 6.3 Medium2026-04-08
CVE-2026-34985 LORIS has incorrect access checks in media module — LorisCWE-639 6.3 Medium2026-04-08
CVE-2026-34392 LORIS has a path traversal in static router — LorisCWE-552 7.5 High2026-04-08
CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup — LorisCWE-89 7.5 High2026-04-08
CVE-2026-26985 LORIS vulnerable to path traversal in electrophysiology_browser — LorisCWE-22 8.1 High2026-02-25
CVE-2026-26984 LORIS media module vulnerable to remote code execution — LorisCWE-22 8.8AIHighAI2026-02-25

This page lists every published CVE security advisory associated with aces. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.