
69 matches found

NVD
added 2026/05/12 10:16 p.m. · 2 views

CVE-2026-42196

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

CVSS 9.9 · EPSS 0.00029
Exploits 0 · References 1

Cvelist
added 2026/05/12 8:58 p.m. · 25 views

CVE-2026-42196 django-s3file: Relative path traversal

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

CVSS 9.9 · EPSS 0.00029
Exploits 0 · References 1

CNNVD
added 2026/05/12 12:0 a.m. · 5 views

django-s3file path traversal vulnerability

django-s3file is a lightweight file upload and input software developed by Johannes Maron for Django and Amazon S3. Versions of django-s3file prior to 7.0.2 contained a path traversal vulnerability. This vulnerability stemmed from relative path traversal within the S3FileMiddleware, which could...

CVSS 9.9 · AI score 5.8 · EPSS 0.00029
Exploits 0 · References 1

EUVD
added 2025/10/12 3:30 p.m. · 4 views

EUVD-2025-33894

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...

CVSS 3.5 · AI score 6 · EPSS 0.0004
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-29061

Malware in sbrugna...

CVSS 9.9 · AI score 7.2 · EPSS 0.00716
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-2883

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.00345
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-25663

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.5 · EPSS 0.00101
Exploits 0 · References 1

IBM Security Bulletins
added 2025/09/24 6:25 p.m. · 7 views

Security Bulletin: The IBM® Engineering Lifecycle Management - Jazz Foundation is impacted by Relative Path Traversal vulnerability.

Summary: A vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation, due to relative path traversal. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details: CVEID: CVE-2025-25048 DESCRIPTION: IBM Jazz Foundation...

CVSS 6.5 · AI score 6.6 · EPSS 0.00067
Exploits 0 · Affected Software 1

RedhatCVE
added 2025/08/26 1:31 a.m. · 2 views

CVE-2025-36157

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions...

CVSS 9.8 · AI score 7.2 · EPSS 0.00101
Exploits 0 · References 1

NVD
added 2025/08/24 2:15 a.m. · 2 views

CVE-2025-36157

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions...

CVSS 9.8 · EPSS 0.00101
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:36 p.m. · 4 views

CVE-2021-43205

An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries...

CVSS 5.3 · AI score 6.6 · EPSS 0.00601
Exploits 0

RedhatCVE
added 2025/05/22 8:3 p.m. · 4 views

CVE-2021-37153

ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...

CVSS 9.8 · AI score 7 · EPSS 0.00626
Exploits 0 · References 1

OSV
added 2025/04/03 2:5 p.m. · 3 views

BIT-DOLIBARR-2022-22293

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter...

CVSS 5.4 · AI score 5.7 · EPSS 0.00313
Exploits 1 · References 3

CNNVD
added 2025/04/03 12:0 a.m. · 3 views

OpenEMR security vulnerability

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in OpenEMR version 7.0.2 that stems from SQL...

CVSS 9.8 · AI score 7.4 · EPSS 0.00099
Exploits 1 · References 1

ATTACKERKB
added 2025/04/02 3:15 p.m. · 0 views

CVE-2024-25051

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system...

CVSS 7.2 · AI score 5.8 · EPSS 0.00188
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2025/01/04 12:0 a.m. · 2 views

IBM Engineering Lifecycle Optimization path traversal vulnerability

IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from International Business Machines (IBM). They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...

CVSS 6.5 · AI score 6.4 · EPSS 0.001
Exploits 0 · References 1

IBM Security Bulletins
added 2024/11/26 9:12 p.m. · 12 views

Security Bulletin: The IBM® Engineering Lifecycle Management is vulnerable to cross-site scripting

Summary: A cross-site scripting vulnerability has been identified on the URL "/jts/auth/authrequired". The web-url does not properly sanitise and escape xss payload before out-putting a 'layout' parameter that users supply to the response body leading to a Cross Site Scripting attack. This bulleti...

CVSS 6.1 · AI score 5.4 · EPSS 0.00071
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2024/11/25 5:0 a.m. · 14 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in User Dashboards

Summary: A vulnerability was reported in dashboard during pen testing. User's dashboard could be changed with a PUT request which did not check the user's identity, and this request enabled a user to change any dashboard the user has read access to. This bulletin contains information regarding the...

CVSS 5.3 · AI score 6 · EPSS 0.00051
Exploits 0 · Affected Software 1

CNNVD
added 2024/11/22 12:0 a.m. · 1 views

IBM Engineering Systems Design Rhapsody security vulnerability

IBM Engineering Systems Design Rhapsody is part of the IBM Engineering product portfolio from International Business Machines (IBM). It provides a collaborative design development and test environment for systems engineers supporting UML, SysML, UAF, and AUTOSAR. A security vulnerability exists in...

CVSS 9.8 · AI score 6.7 · EPSS 0.00032
Exploits 0 · References 1

Positive Technologies
added 2024/10/08 12:0 a.m. · 3 views

PT-2024-8880 · Ibm · Ibm Engineering Systems Design Rhapsody - Model Manager

Name of the Vulnerable Software and Affected Versions: IBM Engineering Systems Design Rhapsody - Model Manager versions 7.0.2 through 7.0.3
Description: The issue is caused by a race condition, allowing a remote attacker to bypass security restrictions. By sending a specially crafted request, an...

CVSS 10 · AI score 7.3 · EPSS 0.00032
Exploits 0 · References 17