CVE Tools

seagate

Hardware FirmwareUScommercial

18

Cumulative CVEs

5

Monthly snapshots

#42

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting seagate.

CVE-2025-9267In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their...6.5Sep 26, 2025
CVE-2020-6627The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_he...9.8Dec 6, 2022
CVE-2021-43429A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool->lock.7.5Apr 7, 2022
CVE-2018-12304Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Pu...6.1May 13, 2019
CVE-2018-12303Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.5.4May 13, 2019
CVE-2018-12302Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.6.1May 13, 2019
CVE-2018-12301Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.7.5May 13, 2019
CVE-2018-12300Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.6.1May 13, 2019
CVE-2018-12299Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.5.4May 13, 2019
CVE-2018-12298Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.7.5May 13, 2019
CVE-2018-12297Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names.6.1May 13, 2019
CVE-2018-12296Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POS...7.5May 13, 2019
CVE-2018-12295SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.9.8May 13, 2019
CVE-2017-18263Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.7.5Apr 28, 2018
CVE-2014-3206Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect...9.8Feb 23, 2018