CVE-2025-54589

Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a block without proper escaping...

PT-2025-31523 · Copyparty · Copyparty

Name of the Vulnerable Software and Affected Versions: Copyparty versions 1.18.6 and below Description: Copyparty is a portable file server susceptible to a reflected Cross-Site Scripting XSS issue. When accessing the recent uploads page at /?ru, the application does not properly escape...

CVE-2024-13975 Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse

A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This ma...

CVE-2024-13975

CVE-2024-13975 concerns Commvault for Windows, affecting versions 11.20.0–11.36.0. The issue is a local privilege escalation where a local attacker who has a client system with the File Server Agent installed can compromise assigned Windows access nodes, potentially enabling unauthorized access o...

CVE-2025-5220

A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component GET Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publ...

CVE-2024-52793

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

CVE-2024-26566

An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component...

CVE-2023-49335

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details...

CVE-2022-34660

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.15, Teamcenter V13.0 All versions V13.0.0.10, Teamcenter V13.1 All versions V13.1.0.10, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.5, Teamcenter V14.0 All versions V14.0.0.2. File Serv...

CVE-2022-31527

The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-24888

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...

CVE-2020-15573

SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421...

CVE-2020-15575

SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194...

CVE-2020-15574

SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893...

CVE-2019-19518

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands...

CVE-2019-5447

A path traversal vulnerability in = v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...

CVE-2010-1381

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926...

CVE-2025-4845

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TRACE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclose...

CVE-2025-4788

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component DELETE Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the...

CVE-2025-29839

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally...