2 matches found
CVE-2025-67077
CVE-2025-67077 describes a file upload vulnerability in the Omnispace Agora Project before 25.10, reachable via the UploadTmpFile action. The issue affects authenticated users and, under some conditions, guest users, enabling file upload through that endpoint. The Red Hat/NVD/CIRCLOSV and PT-2026...
CVE-2025-67079
CVE-2025-67079 describes a file upload vulnerability in Omnispace Agora Project prior to 25.10. The issue allows code execution via the MSL engine of the Imagick library when a crafted PDF is uploaded through the file upload and thumbnail functions. The underlying cause is misuse in handling craf...