By vendor

Buffalo vulnerabilities

Known CVEs affecting Buffalo products, prioritized by severity, with SEC.co remediation and detection guidance.

2 published vulnerabilities

  • CVE-2026-45778MEDIUM 5.4

    OpenXDMoD, an open-source HPC (High Performance Computing) metrics collection and analysis framework, contains a stored cross-site scripting (XSS) vulnerability in user profiles combined with a password reset abuse vector. An authenticated attacker can inject malicious JavaScript into their profile, then weaponize the password reset feature to send victims a crafted link. When a victim clicks the link, the attacker's payload executes in their browser, enabling credential theft and account hijacking. All versions prior to 11.0.3 are affected.

  • CVE-2026-45776MEDIUM 4.3

    OpenXDMoD is an open-source framework used by HPC (high-performance computing) centers to collect and monitor system performance metrics. Versions before 11.0.3 contain a session-handling flaw that allows an authenticated attacker to manipulate authorization checks. If an installation includes the optional Job Performance (SUPReMM) module, an attacker could view other users' job efficiency data they shouldn't have access to. The vulnerability requires an existing login but does not require admin privileges.