Lucene search

21020 matches found

IBM Security Bulletins
added 2025/07/15 3:21 p.m. · 14 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs.
Vulnerability Details: CVEID: CVE-2022-49395 DESCRIPTION: In the Linux kernel, the following vulnerability has...

CVSS 8.8 · AI score 9.1 · EPSS 0.63258
Exploits: 3 · Affected Software: 1
NVD
added 2025/07/15 3:15 p.m. · 27 views

CVE-2025-53622

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

CVSS 5.2 · EPSS 0.00404
Exploits: 0 · References: 7
Cvelist
added 2025/07/15 2:47 p.m. · 32 views

CVE-2025-53622 DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

CVSS 5.2 · EPSS 0.00404
Exploits: 0 · References: 7
Vulnrichment
added 2025/07/15 2:47 p.m. · 5 views

CVE-2025-53622 DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

CVSS 5.2 · AI score 6.8 · EPSS 0.00404
Exploits: 0 · References: 7
CVE
added 2025/07/15 2:47 p.m. · 26 views

CVE-2025-53622

CVE-2025-53622 affects DSpace open source repository software. A path traversal weakness exists in the SAF (Simple Archive Format) importer when importing archives, allowing a contents file to reference system files readable by the Tomcat user. This can lead to sensitive content disclosure (arbit...

CVSS 5.2 · AI score 6.3 · EPSS 0.00404
Exploits: 0 · References: 7
OSV
added 2025/07/15 2:47 p.m. · 4 views

CVE-2025-53622 DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

CVSS 5.2 · AI score 6.4 · EPSS 0.00404
Exploits: 0 · References: 9
NVD
added 2025/07/15 1:15 p.m. · 9 views

CVE-2025-34110

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT...

CVSS 9.3 · EPSS 0.013
Exploits: 0 · References: 4
OSV
added 2025/07/15 1:15 p.m. · 4 views

CVE-2025-34110

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT...

CVSS 9.3 · AI score 6.6
Exploits: 0 · References: 4
Cvelist
added 2025/07/15 1:1 p.m. · 9 views

CVE-2025-34110 ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT...

CVSS 9.3 · EPSS 0.013
Exploits: 0 · References: 4
Vulnrichment
added 2025/07/15 1:1 p.m. · 3 views

CVE-2025-34110 ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT...

CVSS 9.3 · AI score 7.4 · EPSS 0.013
Exploits: 0 · References: 4
CVE
added 2025/07/15 1:1 p.m. · 19 views

CVE-2025-34110

CVE-2025-34110 affects ColoradoFTP Server for Windows up to version 1.3 Build 8. The issue is a directory traversal caused by insufficient sanitation of file paths in FTP GET and PUT handlers, allowing unauthenticated attackers to read/write files outside the FTP root. The vulnerability is exploi...

CVSS 9.3 · AI score 6.8 · EPSS 0.013
Exploits: 0 · References: 4
Positive Technologies
added 2025/07/15 12:0 a.m. · 4 views

PT-2025-29552 · Unknown · Coloradoftp Server

Name of the Vulnerable Software and Affected Versions: ColoradoFTP Server versions prior to 1.3 Build 9
Description: A directory traversal issue exists in ColoradoFTP Server, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is...

CVSS 9.3 · AI score 6.6 · EPSS 0.013
Exploits: 0 · References: 8
Positive Technologies
added 2025/07/15 12:0 a.m. · 6 views

PT-2025-29569 · Dspace · Dspace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 7.6.4; DSpace versions prior to 8.2; DSpace versions prior to 9.1
Description: DSpace is a repository application providing access to digital resources. A path traversal issue exists during the import of an archive in...

CVSS 5.2 · AI score 6.1 · EPSS 0.00404
Exploits: 0 · References: 12
Snyk
added 2025/07/11 5:48 p.m. · 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the GetFile function in the filecontroller.go. An attacker can access arbitrary files on the server by manipulating the fileName argument.
Details: A Directory Traversal attack also known as path traversal aims to...

CVSS 6.5 · AI score 7.7 · EPSS 0.00333
Exploits: 0 · References: 2
Snyk
added 2025/07/11 5:43 p.m. · 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the ResetUserAvatar function in the API component when processing the filename argument. An attacker can overwrite or delete arbitrary files on the server by supplying crafted path values.
Details: A Directory...

CVSS 5.5 · AI score 7.7 · EPSS 0.00365
Exploits: 0 · References: 2
Snyk
added 2025/07/11 5:43 p.m. · 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via a two-step extraction process involving a crafted symlink and a subsequent archive containing a relative path that targets a critical file. An attacker can overwrite files outside the intended extraction director...

CVSS 7.8 · AI score 7.6 · EPSS 0.00433
Exploits: 1 · References: 2
The Hacker News
added 2025/07/11 10:46 a.m. · 6 views

Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals

An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker...

AI score 7.1
Exploits: 0
RedhatCVE
added 2025/07/11 12:25 a.m. · 4 views

CVE-2025-44177

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences...

CVSS 8.2 · AI score 7.4 · EPSS 0.04173
Exploits: 3 · References: 1
Packet Storm News
added 2025/07/11 12:0 a.m. · 4 views

White-Basilisk: a Hybrid Model for Code Vulnerability Detection

The proliferation of software vulnerabilities presents a significant challenge to cybersecurity, necessitating more effective detection methodologies. We introduce White-Basilisk, a novel approach to vulnerability detection that demonstrates superior performance while challenging prevailing...

AI score 7.2
Exploits: 0
Snyk
added 2025/07/10 5:48 p.m. · 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the extraction process of zip archives. An attacker can write files to arbitrary locations on the file system by crafting a zip archive with directory traversal sequences in file paths. Note: This is only...

CVSS 9.1 · AI score 7.7 · EPSS 0.00718
Exploits: 1 · References: 2