11 matches found
CVE-2026-26058 Zulip: Path Traversal in Import
Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...
CVE-2025-26058
creationtimestamp| type| source ---|---|--- 2025-02-18 18:16:20+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lihulnndlf2t 2025-02-18 20:59:46+00:00| seen| https://t.me/cvedetector/18348 2025-02-18 21:56:20+00:00| seen|...
CVE-2025-26058
Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL...
CVE-2025-26058
Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL...
CVE-2025-26058
Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL...
CVE-2023-26058
creationtimestamp| type| source ---|---|--- 2023-04-25 16:25:13+00:00| seen| https://t.me/cibsecurity/62798...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
CVE-2023-26058
CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...
CVE-2021-26058
...
CVE-2021-26058
CVE-2021-26058 is rejected and not used; it does not represent an active vulnerability entry.
CVE-2022-26058
This CVE entry is rejected/not used and does not represent an active vulnerability entry.