20 matches found
CVE-2026-41419
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...
CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...
EUVD-2026-25613
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...
CVE-2026-41419
The CVE describes a path traversal vulnerability in 4ga Boards prior to version 3.3.5. An authenticated user with board import privileges can cause the server to ingest arbitrary host files as board attachments during a BOARDS archive import. Once imported, those files may be downloaded via the s...
PT-2026-35064
Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description A path traversal issue allows an authenticated user with board import privileges to force the server to ingest arbitrary host files as board attachments during the BOARDS archive import process...
4ga Boards 路径遍历漏洞
4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained a path traversal vulnerability. This vulnerability stemmed from path traversal during the import of BOARDS archives, which could lead to unauthorized...
CVE-2026-40258
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
CVE-2026-40258
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
Gramps Web API 安全漏洞
Gramps Web API is a backend API for genealogy data querying and management, open-sourced by the Gramps Project. Versions of Gramps Web API from 1.6.0 to 3.11.0 contained security vulnerabilities. These vulnerabilities were caused by path traversal in the media archive import function, which could...
gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...
PT-2026-32053
Name of the Vulnerable Software and Affected Versions gramps-webapi affected versions not specified Description A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
CVE-2026-28518
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...
EUVD-2025-21447
Malicious code in bioql PyPI...
EUVD-2025-10971
Malicious code in bioql PyPI...
GHSA-JJWR-5CFH-7XWH DSpace is vulnerable to XML External Entity injection during archive imports
Impact Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1. 1. External entities are not disabled when parsing XML files during import of an archive in Simple Archive Format, either from command-line ./dspace import command or...
DSpace is vulnerable to XML External Entity injection during archive imports
Impact Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1. 1. External entities are not disabled when parsing XML files during import of an archive in Simple Archive Format, either from command-line ./dspace import command or...
CVE-2025-53622
DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...
CVE-2025-32944
CVE-2025-32944 affects PeerTube where, if user import is enabled, any authenticated user can upload an archive. The vulnerability stems from the yauzl archive reader: when it encounters an illegal filename, it raises an exception that PeerTube does not catch, causing a crash that repeats on start...
XWiki Platform 代码问题漏洞
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. XWiki Platform suffers from a code issue vulnerability that stems from the fact that any user with document editing privileges can trigger an XAR import on a spoofed XAR file to ...