ByteOS Network

vertex-app

Source -

CNANVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-11408

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.74% / 73.41%

7 Day CHG~0.00%

Published-06 Jun, 2026 | 10:30

Updated-08 Jun, 2026 | 16:33

vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The name of the patch is 805d82e7100d49b79b3beb1b9420e8e458987198. It is best practice to apply a patch to resolve this issue.

Vendor-vertex-app

Product-vertex

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-40646

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.6||HIGH

EPSS-0.06% / 19.02%

7 Day CHG~0.00%

Published-01 Jun, 2026 | 13:16

Updated-08 Jun, 2026 | 13:59

Vertex Vulnerable to Path Traversal

Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal. Users should upgrade to a version containing commit fbde301b97986d5913fc4bc95f5445750d282e11 to receive a patch.

Vendor-vertex-app vertex-app

Product-vertex vertex

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')