CVE-2024-30146 – HCL Domino Leap Unauthenticated Server-Side File Inclusion

April 30, 2025

CVE ID : CVE-2024-30146

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server’s filesystem.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4140 – Netgear EX6120 Remote Buffer Overflow Vulnerability

Next Article CVE-2024-30145 – IBM HCL Domino Volt and Domino Leap Client-Side Script Injection Vulnerability

Highlights

CVE-2025-34045 – WeiPHP WeChat Public Account Path Traversal Vulnerability

June 26, 2025

CVE ID : CVE-2025-34045

Published : June 26, 2025, 4:15 p.m. | 51 minutes ago

Description : A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2024-30146 – HCL Domino Leap Unauthenticated Server-Side File Inclusion

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

15+ Project Ideas For Laravel Beginners to Practice Their Skills

PanVK: il driver Vulkan open-source per GPU ARM Mali raggiunge la conformità Vulkan 1.1

How AI is Transforming the World

CVE-2025-5927 – Everest Forms Pro WordPress Remote File Deletion Vulnerability

CVE-2025-34045 – WeiPHP WeChat Public Account Path Traversal Vulnerability

Why it’s the perfect time to start blogging

CVE-2023-53136 – Linux af_unix Struct PID Leak Vulnerability

CVE-2025-46190 – SourceCodester Client Database Management System SQL Injection

CVE-2024-30146 – HCL Domino Leap Unauthenticated Server-Side File Inclusion

Related Posts