32 matches found
SUSE CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25161
CVE-2026-25161 affects Alist up to version 3.56.x, with a path traversal flaw in multiple file operation handlers. By injecting traversal sequences into filename components, an authenticated user can bypass directory-level authorisation and perform unauthorised removal, movement, or copying of fi...
CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25160 Alist has Insecure TLS Config
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25160
CVE-2026-25160 affects Alist prior to 3.57.0, where TLS certificate verification is disabled by default for all outgoing storage communications. This insecure TLS configuration enables potential Man-in-the-Middle (MitM) attacks, allowing interception, decryption, and possible tampering of data du...
CVE-2026-25160 Alist has Insecure TLS Config
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...
Improper Certificate Validation
Overview github.com/alist-org/alist/v3/server/handles is a file listing program powered by Gin and Solidjs Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...
PT-2026-6279
Name of the Vulnerable Software and Affected Versions Alist versions prior to 3.57.0 Description Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. The application contains a path traversal issue in multiple file operation handlers. An authenticated attacker...
PT-2026-6278
Name of the Vulnerable Software and Affected Versions Alist versions prior to 3.57.0 Description Alist, a file list program powered by Gin and Solidjs, has a configuration issue where TLS certificate verification is disabled by default for all outgoing storage driver communications. This allows f...
AList 路径遍历漏洞
AList is a file list program developed by Xhofe, a developer from China. Versions of AList prior to 3.57.0 had a path traversal vulnerability. This vulnerability stemmed from vulnerabilities in multiple file operation handlers, which could lead to unauthorized file operations...
CVE-2023-33271
An issue was discovered in DTS Monitoring 3.57.0. The parameter commonname within the SSL Certificate check function is vulnerable to OS command injection blind...