671 matches found

CVE
added 2026/01/13 10:51 p.m., 9 views

CVE-2022-50916

CVE-2022-50916 affects e107 CMS v3.2.1. A file upload vulnerability in the Media Manager import functionality allows authenticated administrators to override server files by manipulating the upload URL parameter, potentially overwriting files like top.php in the web application directory. Publicl...

CVSS 8.7 | AI score 6.5 | EPSS 0.00134
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/13 10:51 p.m., 19 views

CVE-2022-50916 e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

CVSS 8.7 | EPSS 0.00134
Exploits: 1 | References: 4

CVE
added 2026/01/13 10:51 p.m., 8 views

CVE-2022-50899

Geonetwork 3.10–4.2.0 is affected by an XML External Entity (XXE) vulnerability in the PDF rendering path. The issue arises from an insecure XML parser that can be driven by a crafted XML document with external entity references, allowing an attacker to read arbitrary server files via the baseURL...

CVSS 8.7 | AI score 6.6 | EPSS 0.00066
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2026/01/13 5:15 p.m., 3 views

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVSS 7.5 | EPSS 0.00809
Exploits: 2 | References: 2

OSV
added 2026/01/13 5:15 p.m., 2 views

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVSS 7.5 | AI score 5.8 | EPSS 0.00809
Exploits: 2 | References: 2

Vulnrichment
added 2026/01/13 12:0 a.m., 2 views

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

AI score 6.6 | EPSS 0.00809
Exploits: 2 | References: 2

CVE
added 2026/01/13 12:0 a.m., 7 views

CVE-2025-25652

CVE-2025-25652 affects Eptura Archibus 2024.03.01.109. The vulnerability is a directory traversal in the Database Update Wizard’s Run script and Server File components, enabling an attacker to read files on the server by manipulating requests (e.g., c0-param0/c0-param1 in the affected service). R...

CVSS 7.5 | AI score 6.6 | EPSS 0.00809
Exploits: 2 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2449

Name of the Vulnerable Software and Affected Versions: Eptura Archibus version 2024.03.01.109. Description: The “Run script” and “Server File” components within the “Database Update Wizard” are susceptible to directory traversal. This allows unauthorized access to files and directories...

AI score 6.5 | EPSS 0.00809
Exploits: 2 | References: 4

CNNVD
added 2026/01/13 12:0 a.m., 1 view

GeoNetwork Code Issue Vulnerability

GeoNetwork is an open source catalog application from GeoNetwork. It is used to manage spatially referenced resources. A code issue vulnerability exists in GeoNetwork 4.2.0 and earlier versions, which stems from an XML external entity vulnerability in PDF rendering that could lead to reading arbitrary...

CVSS 8.7 | AI score 6 | EPSS 0.00066
Exploits: 1 | References: 4

Cvelist
added 2026/01/13 12:0 a.m., 18 views

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

EPSS 0.00809
Exploits: 2 | References: 2

CNNVD
added 2026/01/13 12:0 a.m., 2 views

Eptura Archibus Security Vulnerability

Eptura Archibus is an all-in-one workspace management system platform from Eptura Corporation, USA. A security vulnerability exists in Eptura Archibus version 2024.03.01.109, which stems from a directory traversal in the Run script and Server File components of the Database Update Wizard...

CVSS 7.5 | AI score 5.8 | EPSS 0.00809
Exploits: 2 | References: 3

CVE
added 2026/01/12 4:53 p.m., 12 views

CVE-2025-68472

CVE-2025-68472 affects MindsDB prior to version 25.11.1. An unauthenticated path traversal in the File Upload API allows reading arbitrary server files and moving them into MindsDB’s storage when the PUT handler in file.py concatenates user-controlled data into a filesystem path for JSON uploads (...

CVSS 9.1 | AI score 6.6 | EPSS 0.00353
Exploits: 2 | References: 2 | Affected Software: 1

Github Security Blog
added 2026/01/12 4:10 p.m., 7 views

MindsDB has improper sanitation of filepath that leads to information disclosure and DOS

Summary: BlueRock discovered an unauthenticated path traversal in the file upload API that lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. Details: The PUT handler in file.py directly joins user-controlled data into a...

CVSS 9.1 | AI score 5.9 | EPSS 0.00353
Exploits: 2 | References: 6 | Affected Software: 1

RedhatCVE
added 2026/01/09 10:58 a.m., 3 views

CVE-2025-23195

An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...

CVSS 7.5 | AI score 7 | EPSS 0.00249
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/09 12:0 a.m., 2 views

PT-2026-1765

Name of the Vulnerable Software and Affected Versions: TP-Link Archer AXE75 versions through build 20250107. Description: An improper input validation issue exists in the vpn modules of TP-Link Archer AXE75. An authenticated attacker in a nearby location can delete arbitrary server files, potentiall...

CVSS 6.9 | AI score 6.7 | EPSS 0.00013
Exploits: 0 | References: 8

Packet Storm
added 2026/01/09 12:0 a.m., 136 views

Eptura Archibus Directory Traversal

In Eptura Archibus versions before version 2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. Title: Eptura Archibus Directory Traversal Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Serve...

CVSS 7.5 | AI score 7 | EPSS 0.00809
Exploits: 2

VulnCheck KEV
added 2026/01/09 12:0 a.m., 1 view

VulnCheck KEV: CVE-2026-21858

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

CVSS 10 | AI score 6 | EPSS 0.65759
In wild | Exploits: 37 | References: 109

CNNVD
added 2026/01/08 12:0 a.m., 2 views

n8n Input Validation Error Vulnerability

n8n is a scalable open source workflow automation tool from n8n. An input validation error vulnerability exists in versions prior to n8n 1.121.0, which stems from an attacker being able to access underlying server files by executing a form-based workflow, potentially leading to the disclosure...

CVSS 10 | AI score 6.5 | EPSS 0.05899
Exploits: 16 | References: 1

CVE
added 2026/01/07 11:57 p.m., 386 views

CVE-2026-21858

CVE-2026-21858 (n8n) affects n8n versions starting from 1.65.0 up to and including 1.120.x. The root cause is inadequate input validation in form-based workflow processing, leading to Content-Type confusion that enables an unauthenticated attacker to read arbitrary server files and potentially...

CVSS 10 | AI score 6.3 | EPSS 0.05899
In wild | Exploits: 16 | References: 2 | Affected Software: 1

The Hacker News
added 2026/01/07 1:48 p.m., 17 views

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 CVSS scor...

CVSS 10 | AI score 9.1 | EPSS 0.65759
Exploits: 39