9 matches found
CVE-2026-2251
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
EUVD-2026-9015
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2251
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
Security Bulletin: IBM Storage Ceph is vulnerable to an Infinite Loop in Grafana (CVE-2024-24786)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. CVE-2024-24786 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when...
📄 Grokability Snipe-IT 8.0.4 Insecure Direct Object Reference
Grokability Snipe-IT versions 8.0.4 and below suffer from an insecure direct object reference vulnerability. Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage:...
PT-2024-5230 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.10 Apache Traffic Server versions 9.0.0 through 9.2.4 Description: The issue arises from Apache Traffic Server forwarding malformed HTTP chunked trailer sections to origin servers, which can be...
PT-2023-26996 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.1 Description: The issue allows files to be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path in the back office. There are no...
PT-2023-16558 · Hypr · Hypr Workforce Access
Name of the Vulnerable Software and Affected Versions: HYPR Workforce Access versions 6.12 through 8.1 Description: The issue is related to an Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS, allowing Privilege Escalation. Recommendations: For...