Agora Project
Approved changes feed: RSS · Atom
cpe:2.3:a:agora-project:agora-project:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Agora Project (6d496a4c-d562-549c-a139-07be5b93e581) |
|---|---|
| Product | Agora Project (d5af40f8-1240-5261-a489-a661b38359ed) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/xech/agora-project |
purl2cpe | 2026-06-01 10:15:47.078724 |
pkg:sourceforge/agora-project |
purl2cpe | 2026-06-01 10:15:47.078727 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-67079 |
vulnerable | 2026-06-08 07:41:19.674616 |
Details available
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.
Published: 2026-01-15T00:00:00.000Z
Updated: 2026-01-15T15:55:11.489Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67078 |
vulnerable | 2026-06-08 07:41:19.674199 |
Details available
Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.
Published: 2026-01-15T00:00:00.000Z
Updated: 2026-03-10T17:10:16.845Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67077 |
vulnerable | 2026-06-08 07:41:19.673726 |
Details available
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.
Published: 2026-01-15T00:00:00.000Z
Updated: 2026-01-16T16:11:11.814Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67076 |
vulnerable | 2026-06-08 07:41:19.673167 |
Details available
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.
Published: 2026-01-15T00:00:00.000Z
Updated: 2026-01-16T16:11:39.765Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.