Lucene search
+L

11 matches found

Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-53535 Activepieces: Arbitrary file write in git-sync via path traversal and symlinks

Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed...

5.9CVSS0.00574EPSS
Exploits0References4
CVE
CVE
added 3 days ago10 views

CVE-2026-53535

Activepieces prior to 0.82.0 is affected by an arbitrary file write in the git-sync workflow. The issue occurs because git-sync clones a configured repository into a temporary server directory with Git’s symbolic-link handling enabled, allowing symlinks to redirect writes. Additionally, on-disk i...

5.9CVSS6.3AI score0.00574EPSS
Exploits0References4
OSV
OSV
added 2026/01/22 2:15 a.m.7 views

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

7.6CVSS6AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 2:15 a.m.7 views

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

7.6CVSS0.00237EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 1:28 a.m.3 views

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

7.6CVSS5.8AI score0.00237EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/22 1:28 a.m.17 views

CVE-2025-27380

CVE-2025-27380 affects Altium Enterprise Server (AES) 7.0.3. In the Project Release feature, HTML content can be crafted to trigger an HTML injection, allowing an authenticated attacker to execute arbitrary JavaScript in the victim’s browser. The vulnerability stems from unsafe handling of HTML i...

7.6CVSS5.9AI score0.00237EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 1:28 a.m.3 views

CVE-2025-27380 HTML Injection Leading to Script Execution in Altium Enterprise Server

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

7.6CVSS5.9AI score0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

Altium Enterprise Server security vulnerabilities

Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. Version 7.0.3 of Altium Enterprise Server contains a security vulnerability. This vulnerability stems from HTML injection in Project Release, which may allow arbitrary JavaScrip...

7.6CVSS6AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.9 views

PT-2026-3896

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server AES version 7.0.3 Description An authenticated attacker can execute arbitrary JavaScript in a victim’s browser through crafted HTML content within the Project Release feature. This impacts all platforms. Recommendation...

7.6CVSS6AI score0.00237EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2023/12/01 12:0 a.m.24 views

CVE-2023-3949

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint...

5.3CVSS6AI score0.0054EPSS
Exploits0References3
Drupal
Drupal
added 2009/01/07 12:0 a.m.10 views

SA-CONTRIB-2009-001 - Project release - Multiple vulnerabilities

Exploitable from: Remote Vulnerabilities: Arbitrary file upload, Cross-site scripting XSS The Project release module is a component within the broader Project module. This announcement covers the following two issues: 1. Project release enables file attachments to create a specific version of cod...

7AI score
Exploits0References7
Rows per page
Query Builder