VaelsysV4 Security Advisories
Published security notifications affecting VaelsysV4.
Advisory list
This page lists security advisories and notifications related to VaelsysV4. Each notification ID links to a dedicated advisory page with full details.
| Notification ID | Title | Product / Component | Severity | Status | Published | Updated |
|---|---|---|---|---|---|---|
| VSEC-V4-2026-03-0001 | Vaelsys OS command injection in vgrid_server.php (setSystemTimezone) (CVE-2026-2952) | Vifence3-VaelsysV4 web interface / vgrid_server.php (execute_DataObjectProc) | High | Fixed | 2026-03-20 | 2026-03-20 |
| VSEC-V4-2025-07-0003 | Vaelsys improper authorization in user creation handler (CVE-2025-8261) | Vifence3-VaelsysV4 web interface / vgrid_server.php (xajax) | None | Revised | 2026-03-20 | 2026-03-20 |
| VSEC-V4-2025-07-0002 | Vaelsys MD5 hash leakage (CVE-2025-8260) | Vifence3-VaelsysV4 web interface / vgrid_server.php (xajax) | Medium | Fixed | 2026-03-20 | 2026-03-20 |
| VSEC-V4-2025-07-0001 | Vaelsys OS command injection in vgrid_server.php (testConnectivity) (CVE-2025-8259) | Vifence3-VaelsysV4 / vgrid_server.php (execute_DataObjectProc) | High | Fixed | 2026-03-20 | 2026-03-20 |
Reporting new vulnerabilities
To report a new security vulnerability in VaelsysV4 or any other Vaelsys product, please email security@vaelsys.com as described in our vulnerability reporting policy on the main security advisory page.