2 matches found
CVE-2026-24897
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...
CVE-2026-24897
CVE-2026-24897 affects Erugo, a self-hosted file-sharing platform. In versions up to 0.2.14, an authenticated, low-privileged user can upload arbitrary files to a location of the attacker’s choosing due to insufficient validation of user-supplied paths when creating shares. By specifying a writab...