All 6 CVE vulnerabilities found in ondemand, with AI-generated Chinese analysis, references, and POCs.
Vendor: OSC
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-26002 | OnDemand susceptible to malicious input when navigating to a directory | CWE-74 | 8.0 (AI) | High (AI) | 2026-03-04 |
| CVE-2025-66029 | Open OnDemand affected by Apache proxy passing sensitive headers | CWE-522 | 7.6 | High | 2025-12-17 |
| CVE-2025-64185 | Open OnDemand RPM packages create world writable locations | CWE-277 | - | - | 2025-11-20 |
| CVE-2025-62724 | Open OnDemand allowlist bypass using symlinks in directory downloads (TOCTOU) | CWE-61 | 4.3 | Medium | 2025-11-20 |
| CVE-2025-58435 | Open OnDemand didn't rotate password for VNC batch_connect | CWE-262 | 8.1 (AI) | High (AI) | 2025-09-09 |
| CVE-2025-53636 | Open OnDemand Shell App closed websocket DoS | CWE-400 | 5.4 | Medium | 2025-07-11 |