ByteOS Network

reflect

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2022-50925

Assigner-VulnCheck

View Details

Assigner-VulnCheck

CVSS Score-8.6||HIGH

EPSS-0.03% / 6.13%

7 Day CHG~0.00%

Published-13 Jan, 2026 | 22:51

Updated-30 Jan, 2026 | 14:00

Prowise Reflect v1.0.9 - Remote Keystroke Injection

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

Vendor-prowise Prowise

Product-reflect Prowise Reflect

CWE ID-CWE-346

Origin Validation Error

CVE-2023-43896

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.8||HIGH

EPSS-0.09% / 25.23%

7 Day CHG~0.00%

Published-10 Oct, 2023 | 00:00

Updated-19 Sep, 2024 | 14:59

A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.

Vendor-macrium n/a

Product-reflect n/a

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-10143

Assigner-CERT/CC

View Details

Assigner-CERT/CC

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.61%

7 Day CHG~0.00%

Published-09 Dec, 2020 | 22:35

Updated-04 Aug, 2024 | 10:50

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

Vendor-macrium Macrium

Product-reflect Reflect

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-665

Improper Initialization