EUVD-2026-34872

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

CVE-2026-45743 Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of the sessionId parameter by the file manager’s functionality. The identifier controlle...

Termix 操作系统命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained an operating system command injection vulnerability. This vulnerability stemmed from the GET /ssh/filemanager/ssh/resolvePath endpoint using double quotes to escape shel...

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the insecure handling of path parameters by the GET /ssh/filemanager/ssh/resolvePath endpoint, which caused...

PT-2026-47022

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description The File Manager component of this web-based server management platform contains a command injection flaw. The endpoint "/ssh/file manager/ssh/resolvePath" unsafely processes the path parameter,...

PT-2026-47017

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. An OS command injection exists in the "/ssh/file manager/ssh/resolvePath" endpoint. T...

PT-2026-47019

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The File Manager functionality contains a Broken Access Control issue resulting from...

wpFileManagerExploit

WP File Manager Expoit WP-file-manager wordpress plugin...

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

Exploit for CVE-2026-8380

CVE-2026-8380 CVE-2026-8380 — Frontend File Manager = 23.6...

PT-2026-44370

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force download.php component...

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

CVE-2026-37266

CVE-2026-37266 : The issue affects Responsive File Manager’s Web application (Version 9.14.0). A vulnerability in the force_download.php component allows a remote attacker to execute arbitrary code. The publicly documented impact is significant (base CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H...

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

CVE-2026-44521

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

EUVD-2026-32607

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

FileRise 访问控制错误漏洞

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise prior to 3.12.0 contained an access control vulnerability. This vulnerability stemmed from the /api/totpsetup.php endpoint, which could be accessed via a session that only requires password...

CVE-2026-8997

A flaw was found in vifm, a file manager. This vulnerability, a heap buffer overflow, occurs when the application saves its state file vifminfo.json during the history merge process. A local user could exploit this by introducing a specially crafted, excessively long path or command into the...