4 matches found
EUVD-2026-33749
Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the ApiFormUploadController function. An attacker can upload arbitrary files by manipulating the validationrule parameter to bypass all file type and extension restrictions. Note: This is only exploitable if th...
UBUNTU-CVE-2023-50290
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...
PT-2023-30141
Name of the Vulnerable Software and Affected Versions Saphira Connect versions prior to 9 Description The issue is related to an Incorrect Execution-Assigned Permissions vulnerability, which allows Privilege Escalation in Saphira Connect. Recommendations For versions prior to 9, update to version...