Lucene search

12 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-2664

Malicious code in bioql PyPI...

CVSS 9.4 | AI score 6.3 | EPSS 0.00122
Exploits: 0 | References: 1

CNNVD
added 2025/06/05 12:0 a.m. | 2 views

Atheos security vulnerability

Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A security vulnerability exists in Atheos versions prior to 6.0.4, which stems from parameter injection and could lead to arbitrary command execution...

CVSS 9.4 | AI score 7.3 | EPSS 0.00545
Exploits: 0 | References: 3

RedHat Linux
added 2025/05/28 2:39 a.m. | 9 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.21.0 release

Red Hat OpenShift Dev Spaces 3.21 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in...

CVSS 9.8 | AI score 7.1 | EPSS 0.32338
Exploits: 4 | References: 7

NVD
added 2025/05/15 8:16 p.m. | 9 views

CVE-2025-47788

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for th...

CVSS 9.4 | EPSS 0.00603
Exploits: 0 | References: 2

Cvelist
added 2025/05/15 7:40 p.m. | 11 views

CVE-2025-47788 Missing Path Validation Enables Path Traversal in Controller.php

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for th...

CVSS 9.4 | EPSS 0.00603
Exploits: 0 | References: 2

OSV
added 2025/05/15 7:40 p.m. | 6 views

CVE-2025-47788 Missing Path Validation Enables Path Traversal in Controller.php

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for th...

CVSS 9.4 | AI score 7.1 | EPSS 0.00603
Exploits: 0 | References: 4

NVD
added 2025/01/10 4:15 p.m. | 11 views

CVE-2025-22152

Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack...

CVSS 9.4 | EPSS 0.00122
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/10 3:23 p.m. | 7 views

CVE-2025-22152 Improper Path Validation Enables Path Traversal in Multiple Components in Atheos

Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack...

CVSS 9.4 | AI score 7.6 | EPSS 0.00122
Exploits: 0 | References: 1

OSV
added 2023/10/18 6:25 p.m. | 16 views

GHSA-M5JC-R4GF-C6P8 Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact: The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

CVSS 6.1 | AI score 6.2 | EPSS 0.00017
Exploits: 0 | References: 6

Github Security Blog
added 2023/10/18 6:25 p.m. | 21 views

Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact: The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

CVSS 7.1 | AI score 6.8 | EPSS 0.00017
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2023/10/18 6:21 p.m. | 21 views

Arduino Create Agent path traversal - local privilege escalation vulnerability

Impact: The vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...

CVSS 7.8 | AI score 7.6 | EPSS 0.0008
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2023/10/18 5:34 p.m. | 13 views

Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact: The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

CVSS 7.1 | AI score 6.8 | EPSS 0.0003
Exploits: 0 | References: 5 | Affected Software: 1