CVE-2025-13428

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVE-2025-13428

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVE-2021-3152

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Hom...

Fides Code Issues Vulnerabilities

Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in a runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.22.1 that stems from allowing custom...

CVE-2023-41319

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...

PT-2023-27904 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions 2.11.0 through 2.19.0 Description: The Fides webserver API allows custom integrations to be uploaded as a ZIP file, which can contain YAML files and custom Python code. The custom code is executed in a restricted environment, b...

Home Assistant < 2021.1.3 Path Traversal Vulnerability

Home Assistant instances using custom integrations are prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2021-3152

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Hom...

Directory traversal

DISPUTED Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant;...

CVE-2021-3152

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Hom...

PT-2021-19401

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2021.1.3 Description The issue is related to a lack of protection against directory-traversal attacks in custom integrations. It is noted that the vendor views the vulnerability as being in custom integrations...

Empowering Developers: How Unfiltered Data and Custom Integrations Became a Foundation for Carbon Black

Today, we’re hosting our first-ever Developer Day from the sold-out CbConnect18 conference in New York. The day features in-depth, technical workshops to accelerate developers’ ability to extend Carbon Black’s open cloud platform to improve the security stack. The way I see it, this day is years ...

DUO-PSA-2015-001: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass prima...

DUO-PSA-2015-001: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass prima...