20993 matches found
Security Bulletin: IBM OmniFind Text Search Server for DB2 for i is affected by multiple vulnerabilities. [CVE-2017-15691, CVE-2024-47072, CVE-2024-45492, CVE-2024-25269, CVE-2024-36052]
Summary: IBM OmniFind Text Search Server for DB2 for i is vulnerable to overflow attacks (CVE-2024-47072, CVE-2024-45492), an Improper Restriction of XML External Entity Reference attack (CVE-2017-15691), an Uncontrolled Resource Consumption attack (CVE-2024-25269), and Improper Neutralization attack...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via improper validation of the workspace directory path during artifact upload. An attacker can access arbitrary files from the Jenkins controller workspace directory by supplying crafted paths. Details: A Directory...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in the PutContents API. If open registration is enabled, an attacker can execute arbitrary code on the system by uploading files that exploit symbolic link traversal. This...
CVE-2025-67504
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...
CVE-2025-67506
PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload...
CVE-2025-67506 PipesHub Vulnerable to Path Traversal through Unauthenticated Arbitrary File Upload
PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload...
EUVD-2025-202360
PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload...
CVE-2025-67506
PipesHub’s CVE-2025-67506 affects versions prior to 0.1.0-beta. An unauthenticated POST /api/v1/record/buffer/convert accepts a file upload and uses LibreOffice to convert to PDF by writing the uploaded file to os.path.join(tmpdir, file.filename) without filename normalization. Attackers can supp...
PT-2025-50519
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...
True Random Number Generators on IQM Spark
Random number generation is fundamental for many modern applications, including cryptography, simulations and machine learning. Traditional pseudo-random numbers may offer statistical unpredictability, but are ultimately deterministic. On the other hand, True Random Number Generation (TRNG) offers...
PT-2025-50297
Name of the Vulnerable Software and Affected Versions: PipesHub versions prior to 0.1.0-beta. Description: PipesHub is a workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta have a missing authentication check on the POST /api/v1/record/buffer/convert...
Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)
Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...
EUVD-2021-34724
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...
CVE-2021-47724
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...