CVE-2024-30146 – HCL Domino Leap Unauthenticated Server-Side File Inclusion

April 30, 2025

CVE ID : CVE-2024-30146

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server’s filesystem.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4140 – Netgear EX6120 Remote Buffer Overflow Vulnerability

Next Article CVE-2024-30145 – IBM HCL Domino Volt and Domino Leap Client-Side Script Injection Vulnerability

Highlights

CVE-2025-49008 – Atheos Command Injection Vulnerability

June 4, 2025

CVE ID : CVE-2025-49008

Published : June 5, 2025, 1:15 a.m. | 2 hours, 23 minutes ago

Description : Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable versions are at risk of data breaches or server compromise. Version 6.0.4 introduces a `Common::safe_execute` function that sanitizes all arguments using `escapeshellarg()` prior to execution and migrated all components potentially vulnerable to similar exploits to use this new templated execution system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2024-30146 – HCL Domino Leap Unauthenticated Server-Side File Inclusion

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-52813 – MobiLoud Missing Authorization Vulnerability

CVE-2025-3864 – Hackney HTTP Connection Pool Exhaustion Vulnerability

Rubikverse – Online Rubik’s Cube Solvers, Simulators & Tutorials

CVE-2025-8245 – Totolink X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-49008 – Atheos Command Injection Vulnerability

Fable May Not Launch in 2026 After All, Xbox Insider Hints at 2027 Release

AWS Field Experience reduced cost and delivered low latency and high performance with Amazon Nova Lite foundation model

Copilot on Windows 11 is gaining the ability to see and interact with your apps — but only when you ask it to

CVE-2024-30146 – HCL Domino Leap Unauthenticated Server-Side File Inclusion

Related Posts