CVE-2025-67076
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...
CVE-2025-67078
Cross-site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...
CVE-2021-47819
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...
CVE-2021-47819
CVE-2021-47819 affects ProjeQtOr Project Management 9.1.4. A file upload vulnerability in the profile attachment feature allows guest users to upload PHP files, enabling arbitrary code execution by accessing the uploaded file with a crafted request parameter. Metrics indicate critical impact on c...
CVE-2021-47819 ProjeQtOr Project Management 9.1.4 - Remote Code Execution
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...
EUVD-2026-2750
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...
adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +16 more potentially affected by CVE-2026-0897 via keras (>=3.0.0 <=3.12.0)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =14.0.0, =14.1.0 and more Source cves: CVE-2026-0897 Source advisory: SNYK:PYTHON-KERAS-14947722...
adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +19 more potentially affected by CVE-2026-0897 via keras (>=3.0.0 <=3.13.0)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =3.14.3, =0.1.0, =0.0.60, =0.0.61 and more Source cves: CVE-2026-0897 Source advisory: OSV:PYSEC-2026-73...
WordPress Synergy Project Manager plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by mcdruid in WordPress Plugin Synergy Project Manager versions <= 1.5...
CVE-2025-70308
CVE-2025-70308 describes an out-of-bounds read in GPAC v2.4.0’s GSF demuxer filter, exploitable via a crafted .gsf file to cause Denial of Service. The connected sources (CNVD, OSV, Debian/NASL, NVD, etc.) confirm GPAC as the affected product and the GSF demuxer as the vulnerable component, with ...
CVE-2025-67076
Summary: CVE-2025-67076 is a directory traversal vulnerability in Omnispace Agora Project before 25.10 that allows unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action, restricted to files with an extension. Affected software: Omnispace Agor...
CVE-2025-70298
GPAC (open-source multimedia framework): CVE-2025-70298 affects GPAC v2.4.0, via an out-of-bounds read in oggdmx_parse_tags. The root cause is inadequate validation of input data length, enabling an attacker to trigger a denial of service. The vulnerability is documented across multiple sources (...
CVE-2025-70310
GPAC v2.4.0 contains a heap overflow in the vorbis_to_intern() function, exploitable via a crafted .ogg file to cause a Denial of Service. Multiple connected sources (CNVD, Red Hat, Debian/OSV, NVD) corroborate a DoS-inducing overflow in vorbis_to_intern, with CVSS/metrics indicating a local atta...
CVE-2025-70309
GPAC 2.4.0 is affected by a stack overflow in pcmreframe_flush_packet triggered by a crafted WAV file, per multiple sources (CNVD, RedHat, NVD, OSV, Debian, Ubuntu, and others). The vulnerability stems from insufficient validation of input data length/size in the function, enabling a Denial of Se...
CVE-2025-67077
CVE-2025-67077 describes a file upload vulnerability in the Omnispace Agora Project before 25.10, reachable via the UploadTmpFile action. The issue affects authenticated users and, under some conditions, guest users, enabling file upload through that endpoint. The Red Hat/NVD/CIRCLOSV and PT-2026...
CVE-2025-67078
Omnispace Agora Project contains a Cross Site Scripting (XSS) vulnerability in versions prior to 25.10. The issue arises in the file controller’s notify parameter used to display errors, enabling an attacker to execute arbitrary code in the context of the affected user. The CVE is documented acro...
Linux Distros Unpatched Vulnerability : CVE-2025-70303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A heap overflow in the uncvparseconfig function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. CVE-2025-70303 Note tha...
CVE-2025-67079
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...
PT-2026-3021
Name of the Vulnerable Software and Affected Versions: Omnispace Agora Project versions prior to 25.10. Description: A directory traversal issue exists in Omnispace Agora Project. This allows unauthenticated attackers to read files on the system through the misc controller and the ExternalGetFile...