CVE-2026-3089 Actual Sync Server 26.2.1 - Authenticated Path Traversal

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...

IBM OpenPages 安全漏洞

IBM OpenPages is an AI-driven, highly scalable Governance, Risk and Compliance GRC solution from International Business Machines IBM. A security vulnerability exists in IBM OpenPages versions 9.0 and 9.1, which stems from improper validation of the HOST header input and could lead to cross-site...

CVE-2019-1974

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user...

CVE-2019-1937

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing...