Approved changes feed: RSS · Atom

cpe:2.3:a:agora-project:agora-project:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAgora Project (6d496a4c-d562-549c-a139-07be5b93e581)
ProductAgora Project (d5af40f8-1240-5261-a489-a661b38359ed)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/xech/agora-project purl2cpe 2026-06-01 10:15:47.078724
pkg:sourceforge/agora-project purl2cpe 2026-06-01 10:15:47.078727

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-67079 vulnerable 2026-06-08 07:41:19.674616 Details available
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.
Published: 2026-01-15T00:00:00.000Z
Updated: 2026-01-15T15:55:11.489Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-67078 vulnerable 2026-06-08 07:41:19.674199 Details available
Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.
Published: 2026-01-15T00:00:00.000Z
Updated: 2026-03-10T17:10:16.845Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-67077 vulnerable 2026-06-08 07:41:19.673726 Details available
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.
Published: 2026-01-15T00:00:00.000Z
Updated: 2026-01-16T16:11:11.814Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-67076 vulnerable 2026-06-08 07:41:19.673167 Details available
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.
Published: 2026-01-15T00:00:00.000Z
Updated: 2026-01-16T16:11:39.765Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.