36 matches found
CVE-2026-34026
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...
EUVD-2026-36709
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...
CVE-2026-34026 Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...
CVE-2026-34026
CVE-2026-34026 concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The vulnerability is a path traversal in the /safe/selfservice/openselfservicedocument endpoint, where the application builds a file path from attacker-controlled input in the documentName parameter withou...
CVE-2026-7314 eiceblue spire-doc-mcp-server base.py get_doc_path path traversal
A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...
EUVD-2026-26151
A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...
Spire.Doc MCP Server 路径遍历漏洞
Spire.Doc MCP Server is a tool provided by E-iceblue Product Family for individual developers, allowing them to work with Word documents without using Microsoft Word. Version 1.0.0 of Spire.Doc MCP Server contains a path traversal vulnerability. This vulnerability arises from the operation of the...
Cross-site Scripting (XSS)
Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...
CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
EUVD-2021-24154
Malware in sbrugna...
CVE-2021-35343
Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...
CVE-2025-45754
A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...
CVE-2025-45754
A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...
PT-2025-22403
Name of the Vulnerable Software and Affected Versions SeedDMS version 6.0.32 Description A stored cross-site scripting XSS issue exists, allowing an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name. Recommendations For SeedDMS versio...
CVE-2025-45754
A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...
CVE-2025-45754
A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a suite of Wiki platforms for creating collaborative Web applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that stems from the fact that XWiki is susceptible to a reflective cross-site scripting attack when validating the name of...
CVE-2023-34088
Collabora Online is a collaborative online office suite. A stored cross-site scripting XSS vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened t...