Vulnerabilities in dragonflyoss
13 resultsCVE-2023-27584CRITICALDragonfly2 vulnerable to hard coded cyptographic keyEPSS 29.8%CVE-2026-24124HIGHDragonfly Manager Job API Allows Unauthenticated AccessEPSS 0.7%CVE-2025-59352MEDIUMDragonfly allows arbitrary file read and write on a peer machineEPSS 0.7%CVE-2025-59345HIGHDragonfly did not enable authentication for some Manager’s endpointsEPSS 0.4%CVE-2025-59348MEDIUMDragonfly incorrectly handles a task structure’s usedTraffic fieldEPSS 0.3%CVE-2025-59350LOWTiming attacks against Proxy’s basic authentication are possibleEPSS 0.3%CVE-2025-59351LOWDragonfly possibly panics due to nil pointer dereference when using variables created alongside an errorEPSS 0.3%CVE-2025-59346MEDIUMDragonfly server-side request forgery vulnerabilityEPSS 0.2%CVE-2025-59353HIGHManager generates mTLS certificates for arbitrary IP addressesEPSS 0.2%CVE-2025-59347LOWDragonfly Manager makes requests to external endpoints with disabled TLS authenticationEPSS 0.2%CVE-2025-59354MEDIUMDragonfly has weak integrity checks for downloaded filesEPSS 0.2%CVE-2025-59410MEDIUMDragonfly tiny file download uses hard coded HTTP protocolEPSS 0.1%CVE-2025-59349LOWDirectories created via os.MkdirAll are not checked for permissionsEPSS 0.1%