11 matches found
CVE-2026-53535 Activepieces: Arbitrary file write in git-sync via path traversal and symlinks
Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed...
CVE-2026-53535
Activepieces prior to 0.82.0 is affected by an arbitrary file write in the git-sync workflow. The issue occurs because git-sync clones a configured repository into a temporary server directory with Git’s symbolic-link handling enabled, allowing symlinks to redirect writes. Additionally, on-disk i...
CVE-2025-27380
HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...
CVE-2025-27380
HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...
CVE-2025-27380
HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...
CVE-2025-27380
CVE-2025-27380 affects Altium Enterprise Server (AES) 7.0.3. In the Project Release feature, HTML content can be crafted to trigger an HTML injection, allowing an authenticated attacker to execute arbitrary JavaScript in the victim’s browser. The vulnerability stems from unsafe handling of HTML i...
CVE-2025-27380 HTML Injection Leading to Script Execution in Altium Enterprise Server
HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...
Altium Enterprise Server security vulnerabilities
Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. Version 7.0.3 of Altium Enterprise Server contains a security vulnerability. This vulnerability stems from HTML injection in Project Release, which may allow arbitrary JavaScrip...
PT-2026-3896
Name of the Vulnerable Software and Affected Versions Altium Enterprise Server AES version 7.0.3 Description An authenticated attacker can execute arbitrary JavaScript in a victim’s browser through crafted HTML content within the Project Release feature. This impacts all platforms. Recommendation...
CVE-2023-3949
An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint...
SA-CONTRIB-2009-001 - Project release - Multiple vulnerabilities
Exploitable from: Remote Vulnerabilities: Arbitrary file upload, Cross-site scripting XSS The Project release module is a component within the broader Project module. This announcement covers the following two issues: 1. Project release enables file attachments to create a specific version of cod...