Browse all 6 CVE security advisories affecting xenioushk. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Xenioushk develops network security appliances focusing on threat detection and prevention. Historically, its products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and authentication bypasses. The vendor has addressed six CVEs to date, with several critical RCE vulnerabilities allowing unauthenticated attackers to execute arbitrary code. While no major public incidents have been documented, the consistent presence of similar vulnerability patterns suggests potential weaknesses in input sanitization and access control mechanisms. Security researchers have noted that patch adoption remains a concern for some legacy products.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-13801 | BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update — BWL Advanced FAQ ManagerCWE-862 | 8.1 | High | 2025-03-26 |
| CVE-2024-32136 | WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability — BWL Advanced FAQ ManagerCWE-89 | 7.6 | High | 2024-04-15 |
This page lists every published CVE security advisory associated with xenioushk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.