CVE-2025-67506P2CRITICALCVSS 9.8fixed in 0.1.0-beta2025-12-10
CVE-2025-67506 [CRITICAL] CWE-22 CVE-2025-67506: PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation.
PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload to os.path.join(tmpdir, file.filename) without normal
nvd