Open WebUI 路径遍历漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.1.124 contained a path traversal vulnerability. This vulnerability occurred when files were attached in messages, where the file names originated from the original...

CVE-2025-64712

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitra...

CVE-2025-64712

CVE-2025-64712 affects the Unstructured library. Prior to version 0.18.18, a path traversal flaw in the partition_msg function enables writing or overwriting arbitrary files when processing malicious MSG attachments. The issue has been patched in version 0.18.18. Affected scope and impact are des...

EUVD-2025-206785

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitra...

CVE-2020-37090

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

CVE-2020-37090

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

CVE-2020-37090 School ERP Pro 1.0 - Remote Code Execution

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

CVE-2020-37090

CVE-2020-37090 affects School ERP Pro 1.0. The vulnerability resides in the message-attachment file upload, which can be exploited to upload arbitrary PHP files, enabling remote code execution on the server. Root cause evidenced in the connected PT-2026-5840 entry: inadequate validation/verificat...

Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

A Path Traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. Impact An attacker can craft a malicious .msg file with attachment filenames containing path traversal...

PT-2026-5943

Name of the Vulnerable Software and Affected Versions Unstructured versions prior to 0.18.18 Description The Unstructured library, used for ingesting and pre-processing various document types like PDFs, HTML, Word documents, and images, contains a path traversal vulnerability in the partition msg...

PT-2026-5840

Name of the Vulnerable Software and Affected Versions School ERP Pro version 1.0 Description School ERP Pro 1.0 has a file upload issue that permits students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts via the message attachment feature, leadi...

EUVD-2016-2883

Malware in sbrugna...

EUVD-2019-0728

Malware in sbrugna...

EUVD-2022-3066

Malicious code in bioql PyPI...

EUVD-2023-2285

Malicious code in bioql PyPI...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-39077 DESCRIPTION: IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

Samsung adds Message Guard protection against zero-click exploits

Samsung has announced the introduction of Message Guard for the Samsung Galaxy S23 series. It will be gradually rolled out to other Galaxy smartphones and tablets later this year. Message Guard works on images received in messages by the apps "Samsung Messages" and "Messages by Google" and...

Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406)

Summary There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2019-12406 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachment...

CVE-2022-29454

Cross-Site Request Forgery CSRF vulnerability in WordPlus Better Messages plugin = 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated...

Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406)

Summary There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2019-12406 DESCRIPTION: Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message...