42 matches found
EUVD-2026-11691
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
EUVD-2021-12897
Malware in sbrugna...
EUVD-2021-30803
Malicious code in bioql PyPI...
EUVD-2019-6089
Malicious code in bioql PyPI...
cheeseimporterswarehouse.com Cross Site Scripting vulnerability OBB-3597749
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Atlassian Jira < 6.0.5 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by multiple vulnerabilities: - A directory traversal in the Importers Plugin which permits remote attackers to create arbitrary files...
WooCommerce < 6.2.1 - Path Traversal via Importers
The plugin does not properly check for path traversal when importing tax rates. There are limited details at this stage and this advisory will be updated later on...
Atlassian Jira Server jira-importers-plugin跨站请求伪造漏洞
Atlassian Jira Service is the server version of an IT service desk and request tracking system from Atlassian Australia. Atlassian Jira Server jira-importers-plugin is vulnerable to cross-site request forgery, which stems from jira-importers-plugin being misconfigured with XSRF protection. An...
CVE-2021-43941
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...
CVE-2021-43941
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...
CVE-2020-23478
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...
PYSEC-2021-338
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...
CVE-2020-23478
CVE-2020-23478 affects Leo Editor v6.2.1 with a regular expression Denial of Service (ReDoS) vulnerability in the component plugins/importers/dart.py. The connected documents confirm this root cause but do not provide details on affected versions beyond v6.2.1, exploit methods, impact scope, or a...
CVE-2021-26075
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...
CVE-2021-26075
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...
Information disclosure
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...
CVE-2021-26075
CVE-2021-26075 affects Atlassian Jira Server/Data Center: the AttachTemporaryFile REST resource allows remote authenticated attackers to disclose the full path of the Jira application data directory via an error message when an invalid filename is provided. Affected versions are before 8.5.12, fr...
CVE-2021-26075
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...
Full path information disclose via invalid filename error message - CVE-2021-26075
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...
Full path information disclose via invalid filename error message - CVE-2021-26075
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...