47 matches found
CVE-2022-50992
Weaver E-cology 9.5 (pre-10.52) contains an unauthenticated arbitrary file read via the XmlRpcServlet at the XML-RPC endpoint. Attackers can pass file paths to WorkflowService.getAttachment and WorkflowService.LoadTemplateProp to read arbitrary files, including system configuration and database c...
CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
Weaver E-cology 路径遍历漏洞
Weaver E-cology is a collaboration management platform developed by the Chinese company Weaver. Versions of Weaver E-cology prior to 9.5 and 10.52 had a path traversal vulnerability. This vulnerability stemmed from an arbitrary file reading vulnerability present in the XML-RPC endpoints provided ...
CVE-2026-1868
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...
CVE-2026-1868
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...
CVE-2026-1868 Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...
CVE-2026-1868
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...
CVE-2026-1868 Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...
Debian dla-4391 : python3-mistralclient - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4391 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4391-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-55685
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
EUVD-2025-34332
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
EUVD-2025-34331
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
EUVD-2025-34333
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
CVE-2025-55690
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
CVE-2025-55691
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
CVE-2025-55685
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
CVE-2025-55686
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
CVE-2025-55684
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally...
CVE-2025-55691 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
...