Lucene search
K

828 matches found

OSV
OSV
added 2025/12/18 2:15 p.m.5 views

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

7.2CVSS5.9AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 1:19 p.m.3 views

CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1CVSS6.5AI score0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 1:19 p.m.22 views

CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1CVSS0.00338EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 1:19 p.m.13 views

CVE-2025-40898

CVE-2025-40898 describes a path traversal in Nozomi Networks Guardian/CMC (Import Arc data archive) where an authenticated user with limited privileges can upload a crafted Arc archive to write arbitrary files and alter device configuration or affect availability. Multiple connected sources confi...

8.1CVSS6.5AI score0.00338EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2025/12/18 1:19 p.m.5 views

EUVD-2025-204258

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1CVSS6.3AI score0.00338EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2025/12/18 12:0 a.m.16 views

December 18, 2025—KB5074978 (Monthly Rollup) Out-of-band

December 18, 2025—KB5074978 Monthly Rollup Out-of-band Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoin...

5.5AI score
Exploits0
Microsoft KB
Microsoft KB
added 2025/12/18 12:0 a.m.17 views

December 18, 2025—KB5074980 (Monthly Rollup) Out-of-band

December 18, 2025—KB5074980 Monthly Rollup Out-of-band Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52222

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1CVSS6.8AI score0.00338EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2025/12/18 12:0 a.m.5 views

Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0

Summary A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. Impact An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in...

8.1CVSS6.8AI score0.00338EPSS
Exploits0Affected Software2
Microsoft KB
Microsoft KB
added 2025/12/09 8:0 a.m.26 views

November 11, 2025—Hotpatch KB5068966 (OS Build 26100.7092)

None None...

9.8CVSS7.4AI score0.99962EPSS
Exploits33
Microsoft KB
Microsoft KB
added 2025/12/09 8:0 a.m.9 views

November 11, 2025—KB5068907 (Monthly Rollup)

November 11, 2025—KB5068907 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

9.8CVSS7.4AI score0.05793EPSS
Exploits2
Microsoft KB
Microsoft KB
added 2025/12/09 8:0 a.m.29 views

November 11, 2025—KB5068905 (Monthly Rollup)

November 11, 2025—KB5068905 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...

9.8CVSS7.4AI score0.05793EPSS
Exploits2
Microsoft KB
Microsoft KB
added 2025/12/09 8:0 a.m.47 views

December 9, 2025—Hotpatch KB5072014 (OS Build 26100.7392)

None None...

9.8CVSS7.4AI score0.99962EPSS
Exploits26
Microsoft KB
Microsoft KB
added 2025/12/09 8:0 a.m.12 views

December 9, 2025—KB5071505 (Monthly Rollup)

December 9, 2025—KB5071505 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

8.8CVSS7.7AI score0.02075EPSS
Exploits5
Microsoft KB
Microsoft KB
added 2025/12/09 8:0 a.m.37 views

December 9, 2025—KB5071503 (Monthly Rollup)

December 9, 2025—KB5071503 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU on...

8.8CVSS7.7AI score0.02075EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/11/26 8:1 p.m.11 views

CVE-2025-34350

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

8.7CVSS6.5AI score0.00872EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 9:32 p.m.4 views

EUVD-2025-199632

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

8.7CVSS6AI score0.00872EPSS
Exploits0References3
NVD
NVD
added 2025/11/25 7:15 p.m.7 views

CVE-2025-34350

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

8.7CVSS0.00872EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/25 7:4 p.m.9 views

CVE-2025-34350 UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

8.7CVSS0.00872EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/25 7:4 p.m.3 views

CVE-2025-34350 UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

8.7CVSS6.1AI score0.00872EPSS
Exploits0References2
Rows per page
Query Builder