38 matches found
CVE-2026-42555
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language (SpEL) expressions...
Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion
Summary: The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...
GHSA-RMPJ-3X5M-9M5F Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion
Summary: The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...
EUVD-2024-52654
Malicious code in bioql PyPI...
EUVD-2023-51112
Malicious code in bioql PyPI...
CVE-2024-54687
Vtiger CRM v.6.1 and before is vulnerable to Cross-Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php...
CVE-2023-46953
SQL Injection vulnerability in ABO.CMS v.5.9.3 allows remote attackers to execute arbitrary code via the d parameter in the Documents module...
CVE-2024-54687
Vtiger CRM v6.1 and earlier is vulnerable to Cross-Site Scripting (XSS) via the Documents module, specifically through the uploadAndSaveFile function in CRMEntity.php. The underlying cause is an XSS flaw in that path, enabling injected payloads to execute in affected users’ browsers. Public detai...
Vtiger CRM Security Vulnerability
Vtiger CRM is a customer relationship management (CRM) system developed based on SugarCRM by Vtiger USA. The management system provides functions such as managing, collecting, and analyzing customer information. A security vulnerability exists in Vtiger CRM v.6.1 and earlier versions, which stems...
CVE-2024-53619
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...
UBUNTU-CVE-2024-53619
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...
SPIP Security Vulnerability
SPIP is free, open-source software for creating Internet sites. A security vulnerability exists in SPIP v4.3.3, which originates from an authenticated arbitrary file upload vulnerability in the Documents module...
PT-2024-35793 · Spip · Spip
Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: The issue concerns an authenticated arbitrary file upload vulnerability in the Documents module. This allows attackers to execute arbitrary code by uploading a crafted PDF file. There is no information provided...
CVE-2024-53619
CVE-2024-53619 concerns an authenticated arbitrary file upload in the Documents module of SPIP v4.3.3 that can lead to arbitrary code execution via a crafted PDF upload. The incident is consistently described across multiple sources as affecting SPIP 4.3.3 with an authenticated file upload path, ...
BIT-SUITECRM-2020-15300
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document...