13 matches found
EUVD-2025-199632
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...
CVE-2025-34350 UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...
CVE-2025-34350 UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...
CVE-2025-34350
Summary : CVE-2025-34350 affects UnForm Server
Synergetic Data Systems UnForm Server 安全漏洞
Synergetic Data Systems UnForm Server is a document management and print archiving server software from Synergetic Data Systems, USA. A security vulnerability exists in Synergetic Data Systems UnForm Server versions prior to 10.1.15, which stems from an unauthenticated file read and SMB coercion...
EUVD-2025-24643
Malicious code in bioql PyPI...
CVE-2025-34154
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...
CVE-2025-34154
CVE-2025-34154 affects UnForm Server Manager versions prior to 10.1.12. The issue is in the arc endpoint's log file analysis interface, where the fl parameter lacks proper input validation and path sanitization, allowing unauthenticated attackers to read arbitrary files on the host (including OS-...
CVE-2025-34154 UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...
CVE-2025-34154 UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...
CVE-2025-34154
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...
PT-2025-33096 · Unknown · Unform Server Manager
Name of the Vulnerable Software and Affected Versions: UnForm Server Manager versions prior to 10.1.12 Description: UnForm Server Manager versions prior to 10.1.12 contain an unauthenticated file read flaw in the log file analysis interface. The vulnerability is located in the arc endpoint, which...
Synergetic Data Systems UnForm Server Manager 安全漏洞
Synergetic Data Systems UnForm Server Manager is a browser-based management tool from Synergetic Data Systems, USA. A security vulnerability exists in Synergetic Data Systems UnForm Server Manager versions prior to 10.1.12 that stems from insufficient input validation of the log file analysis...