
1173 matches found

Snyk
added 2026/02/27 9:25 p.m. | 1 views

Directory Traversal

Overview: basic-ftp is an FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to Directory Traversal in the downloadToDir method. A malicious FTP server can overwrite or create files outside the intended directory...

9.8 CVSS | 6.5 AI score | 0.00152 EPSS
Exploits 2 | References 2
EUVD
added 2026/02/26 10:33 p.m. | 2 views

EUVD-2026-8813

Copyparty vulnerable to reflected XSS via setck parameter...

5.4 CVSS | 5.2 AI score | 0.00041 EPSS
Exploits 0 | References 4
NVD
added 2026/02/26 2:16 a.m. | 4 views

CVE-2026-27948

Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter ?setck=.... Version 1.20.9 fixes the issue...

6.1 CVSS | 0.00041 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/02/26 12:0 a.m. | 5 views

PT-2026-22101

Name of the Vulnerable Software and Affected Versions: Copyparty versions prior to 1.20.9. Description: Copyparty is a portable file server susceptible to a cross-site scripting issue. A successful exploit allows for reflected cross-site scripting through the URL parameter ?setck=.... Recommendation...

5.4 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits 0 | References 9
Snyk
added 2026/02/24 8:16 p.m. | 1 views

Improper Neutralization of Equivalent Special Elements

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in matcher.go, when matching filenames using the try_files directive, which does not properly handle backslashes. An attacker can bypass security protections by exploiting glob...

8.2 CVSS | 6.2 AI score | 0.00122 EPSS
Exploits 1 | References 2
Packet Storm
added 2026/02/18 12:0 a.m. | 141 views

Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution

Proof of concept exploit for an unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m that leverages template injection...

9.8 CVSS | 6.5 AI score | 0.94297 EPSS
Exploits 20
Amazon
added 2026/02/18 12:0 a.m. | 8 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678) In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075) In the Linux kernel, the...

5.5 CVSS | 6.4 AI score | 0.03752 EPSS
Exploits 3
RedHat Linux
added 2026/02/16 6:4 p.m. | 2 views

kernel: smb: client: Fix use-after-free in cifs_fill_dirent

A use-after-free flaw was found in cifs_fill_dirent in fs/cifs/readdir.c in the smb client in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem...

7 CVSS | 5.8 AI score | 0.00082 EPSS
Exploits 0 | References 5
Cvelist
added 2026/02/09 6:34 p.m. | 26 views

CVE-2026-25231 FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...

7.5 CVSS | 0.0012 EPSS
Exploits 1 | References 2
RedhatCVE
added 2026/02/09 1:33 a.m. | 2 views

CVE-2026-2205

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

5.3 CVSS | 4.7 AI score | 0.00046 EPSS
Exploits 0 | References 1
NVD
added 2026/02/08 2:15 a.m. | 4 views

CVE-2026-2205

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

5.3 CVSS | 0.00046 EPSS
Exploits 0 | References 6
ATTACKERKB
added 2026/02/08 1:9 a.m. | 6 views

CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...

6.9 CVSS | 5.3 AI score | 0.00054 EPSS
Exploits 0 | References 7
Vulnrichment
added 2026/02/06 11:16 p.m. | 0 views

CVE-2020-37079 Wing FTP Server < 6.2.7 - Cross-site Request Forgery

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...

5.1 CVSS | 5.3 AI score | 0.00009 EPSS
Exploits 1 | References 4
CVE
added 2026/02/05 8:32 p.m. | 6 views

CVE-2026-1962

CVE-2026-1962 affects WeKan up to 8.20, in the Attachment Migration component (server/attachmentMigration.js). The issue is an improper access control in an unknown function, potentially exploitable remotely. A fix is available: upgrade to WeKan 8.21; patch identifier 053bf1dfb76ef230db162c64a6ed...

9.8 CVSS | 4.8 AI score | 0.0003 EPSS
Exploits 0 | References 6 | Affected Software 1
Debian CVE
added 2026/02/04 4:8 p.m. | 2 views

CVE-2026-23093

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dma_unmap_sg() nents. The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned...

5.5 CVSS | 5.1 AI score | 0.00025 EPSS
Exploits 0
GithubExploit
added 2026/01/25 10:51 p.m. | 118 views

Exploit for Code Injection in Rejetto Http_File_Server

No d...

10 CVSS | 8.2 AI score | 0.94361 EPSS
Exploits 23
OSV
added 2026/01/23 2:15 p.m. | 3 views

CVE-2025-71151 cifs: Fix memory and information leak in smb3_reconfigure()

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure(). In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. Thi...

5.5 CVSS | 5.2 AI score | 0.00022 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : samba-4.10.16-15.el7 (AXSA:2021-1874:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1874:03 advisory. samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token (CVE-2021-20254) Tenable has extracted the precedi...

6.8 CVSS | 8.3 AI score | 0.01764 EPSS
Exploits 0 | References 2
CNVD
added 2026/01/19 12:0 a.m. | 3 views

Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10678)

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...

7.5 CVSS | 5.9 AI score | 0.00076 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/14 11:17 p.m. | 4 views

CVE-2025-68786

In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow. When size equals the current i_size (including 0), the code used to call check_lock_range(filp, i_size, size - 1, WRITE), which computes size - 1 and can underflow for...

6.1 AI score | 0.0005 EPSS
Exploits 0 | References 4