Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Impact: File validation can be configured to reject certain files by file type. When this happens, validation fails, and the content can't be published. However, the file can be saved when saving the content draft. This means unwanted files can be present in storage, even if they are not easily...
CVE-2024-27317
A path traversal vulnerability was found in Apache Pulsar. Pulsar allows authenticated users to upload functions to be run by the Pulsar Function Workers; this code is in the format of a ZIP file. When extracting the uploaded ZIP file, Pulsar fails to properly validate the file names contained ...
GHSA-672R-97R7-VX2Q pretix mishandles file validation
pretix before 2024.1.1 mishandles file validation...
pretix mishandles file validation
pretix before 2024.1.1 mishandles file validation...
PYSEC-2024-253
pretix before 2024.1.1 mishandles file validation...
CVE-2024-27447
pretix before 2024.1.1 mishandles file validation...
CVE-2024-27447
pretix prior to 2024.1.1 has an improper file validation vulnerability in its upload handling. This misvalidation can affect confidentiality, integrity, and availability, with a CVSS v3.1 base score of 9.8 (CRITICAL) and network attack vector, no user interaction. Public details from connected so...
rami.io pretix security breach
rami.io pretix is a ticket store application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, bars, etc. from the German company rami.io. A security vulnerability exists in rami.io pretix versions prior to 2024.1.1 that stems from incorrectly handling file...
PT-2024-21903 · Pretix · Pretix
Name of the Vulnerable Software and Affected Versions: pretix versions prior to 2024.1.1. Description: The issue is related to the mishandling of file validation. Recommendations: For versions prior to 2024.1.1, update to version 2024.1.1 or later to resolve the issue...
CVE-2023-6925 Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload
The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the...
CVE-2023-6925
The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘importZipFile’ function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the...
WordPress plugin AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin AI Engine: Chatbots,...
CVE-2023-32329
IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972...
Input validation
IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972...
CVE-2023-32329 IBM Security Access Manager Container improper file validation
IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972...