29 matches found
CVE-2026-8750 h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure
A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...
PT-2026-41540
Name of the Vulnerable Software and Affected Versions: h2oai h2o-3 versions prior to 7402. Description: A remote information disclosure issue exists within the ImportFile API. The flaw is located in the importFiles function of the h2o-core/src/main/java/water/persist/PersistNFS.java file...
CVE-2025-41723
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations...
CVE-2025-41723
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations...
CVE-2025-41723 Sauter: Directory Traversal in importFile SOAP Method
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations...
EUVD-2025-35335
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations...
CVE-2025-41723 Sauter: Directory Traversal in importFile SOAP Method
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations...
Security vulnerability in multiple SAUTER products
SAUTER EY-modulo 5 Building Automation Station is a complete building management solution from SAUTER. Sauter modu680-AS is a modular automation station and web server from Sauter, Switzerland. A security vulnerability exists in several SAUTER products. The vulnerability stems from the importFile...
EUVD-2021-32240
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-45474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki through 1.37, the Special:ImportFile URI aka FileImporter allows XSS, as demonstrated by the clientUrl parameter. CVE-2021-45474 Note that Nessus...
CVE-2025-5162
A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument logGeneralFile/logGeneralFile2 leads to unrestricted upload. Th...
MediaWiki < 1.37.0 Multiple Vulnerabilities
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.37. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the handling of the clientURL parameter for the ImportFile page leading to cross site scripting...
Pimcore path traversal vulnerability
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. pimcore versions prior to 10.3.2 contain a...
UBUNTU-CVE-2021-45474
In MediaWiki through 1.37, the Special:ImportFile URI aka FileImporter allows XSS, as demonstrated by the clientUrl parameter...
SuiteCRM path traversal vulnerability
SuiteCRM, a customer relationship management system from the SuiteCRM team, has a security vulnerability that could allow an attacker to include arbitrary files via the importFile parameter of the RefreshMapping import function...
CVE-2021-41596
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality...
Information disclosure
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality...
CVE-2021-41596
Summary of CVE-2021-41596 : SuiteCRM before 7.10.33 and before 7.11.22 is affected by a directory traversal vulnerability in the RefreshMapping import functionality. An attacker can leverage the importFile parameter to partially include arbitrary files, resulting in information disclosure. The is...
SuiteCRM path traversal vulnerability
SuiteCRM, a customer relationship management system from the SuiteCRM team, has a security vulnerability that could allow an attacker to include arbitrary files via the importFile parameter of the RefreshMapping import function...
PT-2021-23358 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.10.33; SuiteCRM versions prior to 7.11.22. Description: The issue allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the...