opexustech CVE Vulnerabilities & Metrics

Focus on opexustech vulnerabilities and metrics.

Last updated: 12 May 2026, 22:25 UTC

About opexustech Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with opexustech. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total opexustech CVEs: 11
Earliest CVE date: 16 Jan 2025, 23:15 UTC
Latest CVE date: 19 Mar 2026, 16:16 UTC

Latest CVE reference: CVE-2026-32869

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 10

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 900.0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 900.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical opexustech CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	11
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS opexustech CVEs

These are the five CVEs with the highest CVSS scores for opexustech, sorted by severity first and recency.

CVE-2026-32869 opexustech Published on 19 Mar 2026, 16:16 UTC (CVSS: 0)
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information page.
CVE-2026-32868 opexustech Published on 19 Mar 2026, 16:16 UTC (CVSS: 0)
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered. The attacker can run script in the context of a victim's session.
CVE-2026-32867 opexustech Published on 19 Mar 2026, 16:16 UTC (CVSS: 0)
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.
CVE-2026-32866 opexustech Published on 19 Mar 2026, 16:16 UTC (CVSS: 0)
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session.
CVE-2026-32865 opexustech Published on 19 Mar 2026, 16:16 UTC (CVSS: 0)
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process.

All CVEs for opexustech

CVE-2026-32869 opexustech vulnerability CVSS: 0 19 Mar 2026, 16:16 UTC

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS payload which is executed in the context of a victim's session when they visit the case information page.

CVE-2026-32868 opexustech vulnerability CVSS: 0 19 Mar 2026, 16:16 UTC

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered. The attacker can run script in the context of a victim's session.

CVE-2026-32867 opexustech vulnerability CVSS: 0 19 Mar 2026, 16:16 UTC

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.

CVE-2026-32866 opexustech vulnerability CVSS: 0 19 Mar 2026, 16:16 UTC

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The attacker can run script in the context of a victim's session.

CVE-2026-32865 opexustech vulnerability CVSS: 0 19 Mar 2026, 16:16 UTC

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process.

CVE-2025-62586 opexustech vulnerability CVSS: 0 16 Oct 2025, 18:15 UTC

OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.

CVE-2025-58462 opexustech vulnerability CVSS: 0 09 Sep 2025, 21:15 UTC

OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.

CVE-2025-54834 opexustech vulnerability CVSS: 0 31 Jul 2025, 18:15 UTC

OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.

CVE-2025-54833 opexustech vulnerability CVSS: 0 31 Jul 2025, 18:15 UTC

OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.

CVE-2025-54832 opexustech vulnerability CVSS: 0 31 Jul 2025, 18:15 UTC

OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.

CVE-2024-53553 opexustech vulnerability CVSS: 0 16 Jan 2025, 23:15 UTC

An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests.