262 matches found
Alfresco Share - Open Redirect
Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...
Exploit for Incorrect Authorization in Hyland Alfresco_Content_Services
CVE-2026-26336 — Alfresco Share Unauthenticated File Read...
@activepieces/piece-google-gemini (=0.1.6), @activepieces/piece-google-vertexai (=0.1.2) +9 more potentially affected by CVE-2026-33750 via brace-expansion (>=2.0.0 <=2.0.2)
brace-expansion NPM version =2.0.0, =0.2.1, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2026-33750 Source advisory: OSV:GHSA-F886-M6HF-6M8V...
@activepieces/piece-google-gemini (=0.1.6), @activepieces/piece-google-vertexai (=0.1.2) +9 more potentially affected by CVE-2026-33750 via brace-expansion (>=2.0.0 <=2.0.2)
brace-expansion NPM version =2.0.0, =0.2.1, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...
CVE-2026-3967
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...
EUVD-2026-11492
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...
CVE-2026-3967
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...
CVE-2026-3967 Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...
CVE-2026-3967
Alfresco Activiti up to versions 7.19/8.8.0 is affected by a deserialization flaw in the function deserialize/createObjectInputStream of activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java within the Process Variable Serialization System. This leads...
CVE-2026-3967
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...
CVE-2026-3967 Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...
Alfresco Activiti 代码问题漏洞
Alfresco Activiti is a workflow automation platform developed by the British company Alfresco. Versions of Alfresco Activiti 7.19/8.8.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from an operation in the function deserialize/createObjectInputStream located in the fi...
@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +328 more potentially affected by CVE-2026-27904 via minimatch (>=7.0.0 <=7.4.6)
minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.5, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 and more Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...
CVE-2026-26338
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery SSRF through the document processing functionality...
CVE-2026-26337
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...
CVE-2026-26339
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality...
CVE-2026-26339
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality...
CVE-2026-26339
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality...
CVE-2026-26337
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...
CVE-2026-26337
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...