CVE-2026-8753

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...

Security Updates for Azure Connected Machine Agent < 1.64 (May 2026)

The Microsoft Azure Connected Machine Agent installation on the remote host is missing security updates. It is, therefore, affected by an elevation of privilege vulnerability: - Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2026-4591

A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit...

EUVD-2026-16072

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is...

CVE-2026-4830

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is...

CVE-2026-4831

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

CVE-2026-4830

The vulnerability affects kalcaddle kodbox 1.64, specifically the Add function in app/controller/explorer/userShare.class.php of the Public Share Handler. It enables manipulation that leads to unrestricted upload via a remote attack. Reported as high-complexity with difficult exploitability, and ...

CVE-2026-4830

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is...

PT-2026-28183

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is...

PT-2026-28185

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

Kalcaddle Kodbox 授权问题漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Version 1.64 of Kalcaddle Kodbox contains an authorization vulnerability. This vulnerability arises from improper authentication due to operations on the can function in...

Kalcaddle Kodbox 代码问题漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Version 1.64 of kalcaddle Kodbox contains a code vulnerability. This vulnerability arises from an operation on the Add function in the file...

CVE-2026-4590

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site reques...

CVE-2026-4590 kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site reques...

CVE-2026-4589

A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side request forgery. T...

CVE-2026-4588

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...

Kalcaddle Kodbox 操作系统命令注入漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Version 1.64 of Kalcaddle Kodbox contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the...

Kalcaddle Kodbox 授权问题漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Version 1.64 of Kalcaddle Kodbox contains an authorization vulnerability, which stems from improper authentication in the Password Login component...

PT-2026-27124

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...

Kalcaddle Kodbox 安全漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. A security vulnerability exists in the kalcaddle kodbox version 1.64, which stems from the Site-level API key Handler component using hardcoded keys...