These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-8364 documents a critical vulnerability in the Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe). The service listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache. The vulnerability has been assigned a CVSS 3.1 score of 9.8 (Critical), indicating network at [truncated]
A critical stack-based buffer overflow vulnerability exists in WOSDeviceDropFolder.dll when processing HTTP requests containing an overly long URL path beginning with /resources:. The vulnerability, published by NVD on 2026-05-27, carries a CVSS 3.1 score of 9.8 (Critical) with network attack vector, low complexity, and no required privileges or user interaction. The underlying weakness is CWE-121 (Stack- [truncated]
A critical stack-based buffer overflow vulnerability exists in WOSDefaultHttpModule.dll when processing long URL paths beginning with /woshome. The vulnerability, published to NVD on 2026-05-27, carries a CVSS 3.1 score of 9.8 (Critical) with network attack vector, low complexity, and no required privileges or user interaction. The affected component appears to be a web server module handling HTTP request [truncated]
A path traversal vulnerability in WOSDefaultHttpModule.dll allows unauthenticated remote attackers to read arbitrary files via a URL path beginning with /woshome. The vulnerability carries a HIGH severity CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network-accessible exploitation with low complexity, no privileges required, and high confidentiality impact. The affected componen [truncated]
A NULL pointer dereference vulnerability exists in Triofox Server Agent Management Console components. The function WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() can return a NULL pointer when no user is logged into the console, and this return value is not validated before dereference in dependent DLLs including WOSProfileMgrModule.dll and WOSWebDavModule.dll. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/ [truncated]
A NULL pointer dereference vulnerability exists in an unspecified product's HTTP request handling. When processing requests to URL paths beginning with `/status` or `/sysinfo`, the application attempts to load `WOSHttpStatusModule.dll` and call its `WOSBin_LoadHttpModule` export function. Because the DLL is not present in the installation, the function pointer remains NULL, leading to a call at address 0 [truncated]
CVE-2025-14611 is a CISA Known Exploited Vulnerabilities (KEV) entry for Gladinet CentreStack and Triofox, described as a hard-coded cryptographic vulnerability. The supplied source corpus does not include CVSS scoring or detailed exploit mechanics, but CISA’s KEV listing means defenders should treat it as an active-risk issue and act on vendor mitigation guidance promptly.
CVE-2025-12480 is an improper access control vulnerability in Gladinet Triofox. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2025-11-12, which means defenders should treat it as an actively exploited issue and prioritize remediation. The public corpus provided here does not include deeper technical details, so the safest interpretation is to focus on exposure reduction, vendor gui [truncated]
CVE-2025-11371 is a Gladinet CentreStack and Triofox vulnerability listed by CISA in the Known Exploited Vulnerabilities catalog. The recorded issue is described as files or directories being accessible to external parties, which indicates an unauthorized exposure risk rather than a software crash or performance problem. Because CISA has marked it as known exploited, organizations should treat it as an ur [truncated]
CVE-2025-30406 is a Gladinet CentreStack and Triofox vulnerability described as a hard-coded cryptographic key issue. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-04-08, so defenders should treat it as an actively exploited risk. CISA’s remediation due date is 2025-04-29, and the catalog directs operators to apply vendor mitigations or discontinue use if mitigations are unavailable.
