Lucene search
K

4 matches found

Cvelist
Cvelist
added yesterday15 views

CVE-2026-54563 Cloudreve: Path Traversal / Broken Access Control in Cloudreve WebDAV (`/dav`) — scoped DAV credential escapes its configured account root

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS
Exploits0References1
CVE
CVE
added 2026/04/08 7:45 p.m.27 views

CVE-2026-39859

LiquidJS (liquidjs) has a path traversal vulnerability in renderFile()/parseFile() where top-level file loads do not enforce the configured root boundary, allowing access to arbitrary local files when root is empty. Affected versions are before 10.25.3; the issue is fixed in 10.25.3 (per NVD/Red ...

7.5CVSS6AI score0.00447EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/08 3:4 p.m.4 views

EUVD-2026-20611

LiquidJS: renderFile / parseFile bypass configured root and allow arbitrary file read...

6.3CVSS6AI score0.00447EPSS
Exploits0References4
OSV
OSV
added 2018/09/10 5:29 p.m.3 views

UBUNTU-CVE-2018-12608

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...

7.5CVSS7.1AI score0.0092EPSS
Exploits0References2
Rows per page
Query Builder