Browse all 4 CVE security advisories affecting spikefinned. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Spikefinned primarily develops network security appliances and intrusion detection systems. Historically, its products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. The four CVEs recorded for spikefinned reveal patterns of authentication bypass vulnerabilities and insecure API endpoints. While no major public security incidents have been widely documented, the consistent presence of similar vulnerability classes across its CVE history suggests potential systemic weaknesses in secure coding practices. Organizations using spikefinned equipment should prioritize timely patching and harden configurations against these recurring issues.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-5507 | ImageMapper <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ImageMapper | CWE-79 | 6.4 | Medium | 2023-11-07 |
| CVE-2023-5532 | ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting via imgmap_save_area_title | ImageMapper | CWE-352 | 6.1 | Medium | 2023-11-07 |
| CVE-2023-5975 | ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Plugin Settings Change via ajax | ImageMapper | CWE-352 | 4.3 | Medium | 2023-11-07 |
| CVE-2023-5506 | ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page/Post Deletion via imgmap_delete_area_ajax | ImageMapper | CWE-862 | 5.4 | Medium | 2023-11-07 |

This page lists every published CVE security advisory associated with spikefinned. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.