7517 matches found
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM A
Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 "Business...
Exploit for Command Injection in Github Enterprise_Server
CVE-2026-3854 - GitHub Enterprise Server that allowed an Remot...
Microsoft Office SharePoint 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Office SharePoint 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Office SharePoint 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers utilize this vulnerability to carry out phishing attacks. The following products...
Microsoft Office SharePoint 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers utilize this vulnerability to carry out phishing attacks. The following products...
CVE-2026-11420
Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...
CVE-2026-11424
A server-side request forgery SSRF vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...
EUVD-2026-34917
A server-side request forgery SSRF vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...
EUVD-2026-34918
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...
EUVD-2026-34919
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...
CVE-2026-11424
A server-side request forgery SSRF vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...
CVE-2026-11431
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...
CVE-2026-11431
CVE-2026-11431 describes a path traversal in Altium’s Projects Service download endpoint used by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path that bypasses validation, enabling reading arbitrary files (including entire directories returned as archives) ...
CVE-2026-11429
Summary: CVE-2026-11429 describes a path traversal in the Git Service shared by Altium Enterprise Server and Altium 365. An authenticated user with basic git access can perform post-clone file-manipulation using unvalidated paths to move attacker-controlled content outside the repository, enablin...
CVE-2026-11429 Path Traversal in Altium Vault ScriptsController Allows Unauthenticated Remote Code Execution
Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any location writable by th...
CVE-2026-11429
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...
CVE-2026-11424
A server-side request forgery SSRF vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...
CVE-2026-11420
Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...
CVE-2026-11414
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...