lynxtechnology CVE Vulnerabilities & Metrics

Focus on lynxtechnology vulnerabilities and metrics.

Last updated: 03 Dec 2025, 23:25 UTC

About lynxtechnology Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with lynxtechnology. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total lynxtechnology CVEs: 6
Earliest CVE date: 30 Mar 2018, 21:29 UTC
Latest CVE date: 19 Nov 2025, 18:15 UTC

Latest CVE reference: CVE-2025-13316

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical lynxtechnology CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.98

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	4
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS lynxtechnology CVEs

These are the five CVEs with the highest CVSS scores for lynxtechnology, sorted by severity first and recency.

CVE-2018-7171 lynxtechnology Published on 30 Mar 2018, 21:29 UTC (CVSS: 5.0)
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.
CVE-2018-9182 lynxtechnology Published on 08 Jun 2018, 01:29 UTC (CVSS: 4.3)
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.
CVE-2018-9177 lynxtechnology Published on 08 Jun 2018, 01:29 UTC (CVSS: 4.3)
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.
CVE-2018-7203 lynxtechnology Published on 30 Mar 2018, 21:29 UTC (CVSS: 4.3)
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.
CVE-2025-13316 lynxtechnology Published on 19 Nov 2025, 18:15 UTC (CVSS: 0)
Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.

All CVEs for lynxtechnology

CVE-2025-13316 lynxtechnology vulnerability CVSS: 0 19 Nov 2025, 18:15 UTC

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.

CVE-2025-13315 lynxtechnology vulnerability CVSS: 0 19 Nov 2025, 18:15 UTC

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.

CVE-2018-9182 lynxtechnology vulnerability CVSS: 4.3 08 Jun 2018, 01:29 UTC

Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.

CVE-2018-9177 lynxtechnology vulnerability CVSS: 4.3 08 Jun 2018, 01:29 UTC

Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.

CVE-2018-7203 lynxtechnology vulnerability CVSS: 4.3 30 Mar 2018, 21:29 UTC

Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.

CVE-2018-7171 lynxtechnology vulnerability CVSS: 5.0 30 Mar 2018, 21:29 UTC

Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.