17 matches found

NVD · added 2026/03/11 4:16 p.m. · 1 view

CVE-2026-30234

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · EPSS 0.00052 · Exploits 0 · References 1
Cvelist · added 2026/03/11 3:59 p.m. · 23 views

CVE-2026-30234 OpenProject BIM BCF XML Import: <Snapshot> Path Traversal Leads to Arbitrary Local File Read (AFR)

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · EPSS 0.00052 · Exploits 0 · References 1
Vulnrichment · added 2026/03/11 3:59 p.m. · 0 views

CVE-2026-30234 OpenProject BIM BCF XML Import: <Snapshot> Path Traversal Leads to Arbitrary Local File Read (AFR)

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · AI score 5.8 · EPSS 0.00052 · Exploits 0 · References 1
EUVD · added 2026/03/11 3:59 p.m. · 0 views

EUVD-2026-11202

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · AI score 5.8 · EPSS 0.00052 · Exploits 0 · References 1
OSV · added 2026/03/11 3:59 p.m. · 1 view

CVE-2026-30234 OpenProject BIM BCF XML Import: <Snapshot> Path Traversal Leads to Arbitrary Local File Read (AFR)

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · AI score 5.8 · EPSS 0.00052 · Exploits 0 · References 3
CVE · added 2026/03/11 3:59 p.m. · 6 views

CVE-2026-30234

OpenProject prior to 17.2.0 is affected. An authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or path traversal (e.g., /etc/passwd or ../../../../etc/passwd). During import, this untruste...

CVSS 6.5 · AI score 5.8 · EPSS 0.00052 · Exploits 0 · References 1 · Affected software 1
VulnCheck KEV · added 2025/06/28 12:00 a.m. · 11 views

VulnCheck KEV: CVE-2024-5334

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...

CVSS 7.5 · AI score 7.4 · EPSS 0.6275 · In the wild · Exploits 1 · References 2
RedhatCVE · added 2025/02/05 6:37 a.m. · 3 views

CVE-2024-5334

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...

CVSS 7.5 · AI score 7.3 · EPSS 0.6275 · Exploits 1 · References 1
RedhatCVE · added 2025/02/05 2:51 a.m. · 3 views

CVE-2024-6433

The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshotpath parameter...

CVSS 7.5 · AI score 6.8 · EPSS 0.003 · Exploits 0 · References 1
GithubExploit · added 2025/01/28 9:16 p.m. · 113 views

Exploit for Cross-site Scripting in Flatpress

CVE Submissions Repository This repository contains informati...

CVSS 9.1 · AI score 6.7 · EPSS 0.9057 · Exploits 9
Positive Technologies · added 2024/11/18 12:00 a.m. · 1 view

PT-2025-2948 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified. Description: An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to "/api/metrics/snapshot". This can be carried out by users with...

CVSS 6.8 · AI score 6.4 · EPSS 0.00221 · Exploits 0 · References 10
OSV · added 2024/07/24 4:15 p.m. · 3 views

CVE-2024-40422

The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...

CVSS 9.1 · AI score 7.3 · EPSS 0.9057 · Exploits 6 · References 4
Vulnrichment · added 2024/07/10 12:00 a.m. · 9 views

CVE-2024-6433 Local File Inclusion in stitionai/devika

The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshotpath parameter...

CVSS 7.5 · AI score 7 · EPSS 0.003 · Exploits 0 · References 1
Positive Technologies · added 2024/07/10 12:00 a.m. · 1 view

PT-2024-37622 · Devika · Devika

Name of the Vulnerable Software and Affected Versions: devika versions prior to the fixed version. Description: The issue allows an attacker to read arbitrary files on the system by providing a crafted path. This can be exploited by sending a request to the application with a malicious snapshot pa...

CVSS 7.5 · AI score 6.9 · EPSS 0.003 · Exploits 0 · References 4
Tenable Nessus · added 2020/01/30 12:00 a.m. · 31 views

openSUSE Security Update : samba (openSUSE-2020-122)

This update for samba fixes the following issues : Security issues fixed : - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing bsc1160888. - CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not...

CVSS 6.5 · AI score 6.6 · EPSS 0.10242 · Exploits 0 · References 7
OPENSUSE Linux · added 2020/01/29 12:00 a.m. · 78 views

Security update for samba (moderate)

openSUSE Security Update: Security update for samba Announcement ID: openSUSE-SU-2020:0122-1 Rating: moderate References: 1141320 1160850 1160852 1160888 Cross-References: CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 Affected Products: openSUSE Leap 15.1 An update that solves three vulnerabilitie...

CVSS 6.5 · AI score 7.1 · EPSS 0.10242 · Exploits 0 · References 4
seebug.org · added 2008/07/24 12:00 a.m. · 19 views

Microsoft Access (Snapview.ocx 10.0.5529.0) ActiveX Remote Exploit

No description provided by source. / Microsoft Access Snapshot Viewer ActiveX Control Exploit Ms-Acees SnapShot Exploit Snapview.ocx v 10.0.5529.0 Download nice binaries into an arbitrary box Vulnerability discovered by Oliver Lavery http://www.securityfocus.com/bid/8536/info Remote: Yes greetz t...

AI score 7.1 · Exploits 0