3 matches found
GHSA-2FMP-9RVW-HC96 Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning
Summary EnvironmentManager.listBackups reads each backup's manifest.json and trusts the manifest's path field. EnvironmentManager.pruneBackups later passes that trusted entry.path directly to rmSyncentry.path, recursive: true, force: true . An attacker who can place or modify a manifest inside...
PT-2026-2294
Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.24 Description Iris is a web collaborative platform used by incident responders to share technical details during investigations. The DFIR-IRIS datastore file management system has an issue where authenticated users...
Advantech WebAccessNode suffers from arbitrary path file deletion vulnerability
Advantech WebAccessNode is a fully Internet Explorer-based HMI/SCADA monitoring software. Advantech WebAccessNode has an arbitrary path file deletion vulnerability that can be exploited by an attacker to delete arbitrary path files on the system...