1207 matches found
PT-2025-33079 · Unknown · Quickshare File Server
Name of the Vulnerable Software and Affected Versions: QuickShare File Server version 1.2.1 Description: QuickShare File Server version 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitization of user-supplied file paths. Authenticated users can exploit this fla...
Rejetto HTTP File Server < 2.3c Remote Code Execution
Rejetto HTTP File Server versions prior to 2.3c are vulnerable to remote code execution. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. No source data...
CVE-2025-54796
Copyparty is a portable file server. In versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled, which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...
A vulnerability in the file server, related to incorrect restrictions on the path to the restricted directory, allows an attacker to bypass security restrictions.
The vulnerability in server-filesystem is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
CVE-2025-54589
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a...
CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page
Copyparty is a portable file server. In versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled, which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...
CVE-2025-54589
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a block without proper escaping...
PT-2025-31523 · Copyparty · Copyparty
Name of the Vulnerable Software and Affected Versions: Copyparty versions 1.18.6 and below Description: Copyparty is a portable file server susceptible to a reflected Cross-Site Scripting (XSS) issue. When accessing the recent uploads page at /?ru, the application does not properly escape...
CVE-2024-13975
CVE-2024-13975 concerns Commvault for Windows, affecting versions 11.20.0–11.36.0. The issue is a local privilege escalation where a local attacker who has a client system with the File Server Agent installed can compromise assigned Windows access nodes, potentially enabling unauthorized access o...
CVE-2024-13975 Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This ma...
A vulnerability in the PLS FTP-server command in the PCMan FTP Server allows an attacker to execute arbitrary code or cause a service failure.
The vulnerability in the PLS FTP-server’s command line interface is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions...
A vulnerability in the SET command of the PCMan FTP Server allows an attacker to execute arbitrary code or cause a service failure.
The vulnerability in the SET command of the PCMan FTP Server is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions...
A vulnerability in the SolarWinds Serv-U File Server arises from incorrect path name restrictions for the restricted access directory, allowing an attacker to execute arbitrary code.
The vulnerability in the SolarWinds Serv-U File Server is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to port 21...
CVE-2025-5220
A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component GET Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publ...
CVE-2024-52793
The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...
CVE-2024-26566
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component...
CVE-2023-49335
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server details...
CVE-2022-34660
A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.15, Teamcenter V13.0 All versions V13.0.0.10, Teamcenter V13.1 All versions V13.1.0.10, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.5, Teamcenter V14.0 All versions V14.0.0.2. File Serv...
CVE-2022-31527
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-24888
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...