Partner Software CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-6078	1 Partner Software	2 Partner Software, Partner Web	2025-11-03	5.4 Medium
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
CVE-2025-6077	1 Partner Software	2 Partner Software, Partner Web	2025-11-03	9.8 Critical
Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
CVE-2025-6076	1 Partner Software	2 Partner Software, Partner Web	2025-11-03	8.8 High
Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.

Page 1 of 1.