
20 matches found

NVD
added 2026/04/24 7:17 p.m. | 5 views

CVE-2026-41419

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVSS 7.6 | EPSS 0.00306
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/24 6:50 p.m. | 6 views

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVSS 7.6 | AI score 5.3 | EPSS 0.00306
Exploits: 0 | References: 1
EUVD
added 2026/04/24 6:50 p.m. | 7 views

EUVD-2026-25613

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVSS 7.6 | AI score 5.3 | EPSS 0.00306
Exploits: 0 | References: 1
CVE
added 2026/04/24 6:50 p.m. | 9 views

CVE-2026-41419

The CVE describes a path traversal vulnerability in 4ga Boards prior to version 3.3.5. An authenticated user with board import privileges can cause the server to ingest arbitrary host files as board attachments during a BOARDS archive import. Once imported, those files may be downloaded via the s...

CVSS 7.6 | AI score 5.3 | EPSS 0.00306
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/24 12:0 a.m. | 6 views

PT-2026-35064

Name of the Vulnerable Software and Affected Versions: 4ga Boards versions prior to 3.3.5. Description: A path traversal issue allows an authenticated user with board import privileges to force the server to ingest arbitrary host files as board attachments during the BOARDS archive import process...

CVSS 7.6 | AI score 5.3 | EPSS 0.00306
Exploits: 0 | References: 4
CNNVD
added 2026/04/24 12:0 a.m. | 13 views

4ga Boards Path Traversal Vulnerability

4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained a path traversal vulnerability. This vulnerability stemmed from path traversal during the import of BOARDS archives, which could lead to unauthorized...

CVSS 7.6 | AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 2
NVD
added 2026/04/17 10:16 p.m. | 6 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

CVSS 9.1 | EPSS 0.00401
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/17 9:12 p.m. | 5 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

CVSS 9.1 | AI score 5.9 | EPSS 0.00401
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/04/17 9:12 p.m. | 25 views

CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

CVSS 9.1 | EPSS 0.00401
Exploits: 0 | References: 3
CNNVD
added 2026/04/17 12:0 a.m. | 11 views

Gramps Web API Security Vulnerability

Gramps Web API is a backend API for genealogy data querying and management, open-sourced by the Gramps Project. Versions of Gramps Web API from 1.6.0 to 3.11.0 contained security vulnerabilities. These vulnerabilities were caused by path traversal in the media archive import function, which could...

CVSS 9.1 | AI score 5.9 | EPSS 0.00401
Exploits: 0 | References: 2
Github Security Blog
added 2026/04/10 9:0 p.m. | 9 views

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary: A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

CVSS 9.1 | AI score 5.9 | EPSS 0.00401
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/04/10 12:0 a.m. | 5 views

PT-2026-32053

Name of the Vulnerable Software and Affected Versions: gramps-webapi (affected versions not specified). Description: A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

CVSS 9.1 | AI score 5.9 | EPSS 0.00401
Exploits: 0 | References: 13
RedhatCVE
added 2026/03/04 7:44 p.m. | 7 views

CVE-2026-28518

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4 | AI score 6 | EPSS 0.00181
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 23 views

EUVD-2025-21447

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.4 | EPSS 0.00368
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-10971

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00479
Exploits: 1 | References: 4
OSV
added 2025/07/15 6:4 p.m. | 1 view

GHSA-JJWR-5CFH-7XWH DSpace is vulnerable to XML External Entity injection during archive imports

Impact: Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1. 1. External entities are not disabled when parsing XML files during import of an archive in Simple Archive Format, either from command-line ./dspace import command or...

CVSS 6.9 | AI score 6 | EPSS 0.00368
Exploits: 0 | References: 9
Github Security Blog
added 2025/07/15 6:4 p.m. | 9 views

DSpace is vulnerable to XML External Entity injection during archive imports

Impact: Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1. 1. External entities are not disabled when parsing XML files during import of an archive in Simple Archive Format, either from command-line ./dspace import command or...

CVSS 6.9 | AI score 6.4 | EPSS 0.00368
Exploits: 0 | References: 9 | Affected Software: 1
NVD
added 2025/07/15 3:15 p.m. | 32 views

CVE-2025-53622

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

CVSS 5.2 | EPSS 0.00404
Exploits: 0 | References: 7
CVE
added 2025/04/15 12:50 p.m. | 58 views

CVE-2025-32944

CVE-2025-32944 affects PeerTube where, if user import is enabled, any authenticated user can upload an archive. The vulnerability stems from the yauzl archive reader: when it encounters an illegal filename, it raises an exception that PeerTube does not catch, causing a crash that repeats on start...

CVSS 6.5 | AI score 7.1 | EPSS 0.00479
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2023/03/07 12:0 a.m. | 5 views

XWiki Platform Code Issue Vulnerability

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. XWiki Platform suffers from a code issue vulnerability that stems from the fact that any user with document editing privileges can trigger an XAR import on a spoofed XAR file to ...

CVSS 7.7 | AI score 7.4 | EPSS 0.00746
Exploits: 1 | References: 4