Vulnerabilities > Arangodb

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-09	CVE-2021-25939	Server-Side Request Forgery (SSRF) vulnerability in Arangodb In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. network low complexity arangodb CWE-918	2.7
2021-11-16	CVE-2021-25940	Insufficient Session Expiration vulnerability in Arangodb In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. network low complexity arangodb CWE-613	8.0
2021-05-24	CVE-2021-25938	Cross-site Scripting vulnerability in Arangodb In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. network low complexity arangodb CWE-79	6.1

Vulnerabilities > Arangodb {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Arangodb"}]}