21 matches found
CVE-2026-23482
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...
PT-2026-27205
Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4 Description The file server endpoint does not validate permissions on the temp/ path and does not filter path traversal sequences, potentially allowing unauthorized access to arbitrary files on the server. If...
PT-2026-24824
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
CVE-2025-67366
@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...
EUVD-2018-0227
Malware in sbrugna...
EUVD-2020-1230
Malware in sbrugna...
EUVD-2011-5244
Malware in sbrugna...
EUVD-2018-0243
Malware in sbrugna...
EUVD-2023-53319
Malicious code in bioql PyPI...
EUVD-2025-23272
Malicious code in bioql PyPI...
A vulnerability in the file server, caused by improper restriction of a pathname to a restricted directory, allows an attacker to bypass security restrictions.
The server-filesystem vulnerability is caused by improper restriction of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
A vulnerability in SolarWinds Serv-U File Server, caused by improper restriction of a pathname to a restricted directory, allows an attacker to execute arbitrary code.
The SolarWinds Serv-U File Server vulnerability is caused by improper restriction of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to port 21...
Rejetto Http File Server Input Validation Error Vulnerability
HTTP File Server is a simple tool that allows you to access your phone's files from your desktop, tablet or other device without any special software - just a web browser. An input validation error vulnerability exists in Rejetto Http File Server version 2.2a, which stems from the presence of an...
SolarWinds Serv-U File Server Security Vulnerability
SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A security vulnerability exists in SolarWinds Serv-U File Server version 15.3.2 and earlier, which originates from submitting an HTTP request when changing or updating the properties of a file share or a file request,...
SolarWinds Serv-U File Server Security Vulnerability
SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A security vulnerability exists in the SolarWinds Serv-U File Server that allows a user with administrator privileges in the Serv-U console to move, create, and delete any file that is accessible on the Serv-U...
Directory Traversal in intsol-package
intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Example Request: http GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:localhost and the server's Response http HTTP/1....
CVE-2017-16178
intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
Directory traversal
welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2017-16156
myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
HTTP File Server 2.3a, 2.3b, 2.3c - Remote Command Execution Vulnerability
Exploit for php platform in category web applications ========================================================== HTTP File Server 2.3a - 2.3b - 2.3c Remote Command Execution Author : Daniele Linguaglossa Date: 30/09/2014 Remote: Yes Vendor Homepage: http://rejetto.com/ Software Link:...