15898 matches found
CVE-2025-64095
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
Summary The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. Description An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads...
GHSA-3M8R-W7XG-JQVW DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
Summary The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. Description An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads...
SUSE CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
PT-2025-44369
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-62503 Description A user possessing CREATE privilege but lacking UPDATE privilege for Pools, Connections, and Variables can modify existing records through the bulk create API utilizing the overwrite action. This allows...
Arbitrary File Upload
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Arbitrary File Upload via the HTML editor provider. An attacker can overwrite existing files and potentially deface a website or...
CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...
CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...
CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...
CVE-2025-64095
Summary (CVE-2025-64095) : DNN (DotNetNuke) versions before 10.1.1 are vulnerable to an unrestricted file upload due to the default HTML editor provider, allowing unauthenticated users to upload and overwrite files. This can enable website defacement and, when combined with other issues, potentia...
CVE-2025-62725
Docker Compose is vulnerable to a path traversal flaw in how it handles OCI artifact layer annotations. When processing remote OCI compose artifacts, Compose trusts attacker-controlled annotation fields such as com.docker.compose.extends and com.docker.compose.envfile. This allows a crafted...
CVE-2025-33131
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack...
CVE-2025-33131
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the com.docker.compose.extends or com.docker.compose.envfile annotations in remote OCI artifact layers. An attacker can escape the intended cache directory and overwrite arbitrary files on the host system by...
DEBIAN-CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
UBUNTU-CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
CVE-2025-62725
CVE-2025-62725 affects Docker Compose when resolving remote OCI artifacts. The vulnerability arises from path handling of annotations in OCI layers (com.docker.compose.file and com.docker.compose.envfile), where Docker Compose joins attacker-controlled paths with its local cache directory without...
CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
EUVD-2025-36357
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations...