CVE-2026-46492

md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...

CVE-2026-46492 md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...

CVE-2026-46492

md-fileserver önce 1.10.3 sürümünden önce HTML içeren Markdown içeriğini güvenli olmayan şekilde render ediyor; bu, kullanıcı tarafından sağlanan Markdown içeriğinde yer alan [removed] gibi ham HTML’nin sayfaya güvenliksız olarak enjekte edilmesine yol açıyor. Etkilenen bileşenler arasında Markdo...

CVE-2026-46492

creationtimestamp| type| source ---|---|--- 2026-05-14 19:57:57+00:00| published-proof-of-concept| https://github.com/commenthol/md-fileserver/security/advisories/GHSA-32q2-hhr5-6qvv 2026-06-09 17:11:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnuowoqpot2g...

Improper Neutralization of Equivalent Special Elements

Overview github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver is a fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in matcher.go‎, when matching filenam...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan 8.20 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of files in the “Fileserver/methods/fixDuplicateLists.js” component by the...

EUVD-2012-4528

Malware in sbrugna...

EUVD-2016-10573

Malware in sbrugna...

EUVD-2009-2539

Malware in sbrugna...

EUVD-2020-1326

Malware in sbrugna...

EUVD-2024-33419

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-3088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an...

ClearML < 1.16.0 Unauthenticated File Access

According to its banner, the version of ClearML running on the remote host is 1.16.0. It is, therefore, affected by an Unauthenticated File Access due to the lack of authentication of the fileserver component. Note that the scanner has not tested for these issues but has instead relied only on th...

[SECURITY] [DLA 4168-1] openafs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4168-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz May 17, 2025 https://wiki.debian.org/LTS -...

Linux Distros Unpatched Vulnerability : CVE-2024-10396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and...

copyparty renders unsanitized filenames as HTML when user uploads empty files

Summary A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the...

MGASA-2025-0013 Updated openafs packages fix security vulnerabilities

A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix client. CVE-2024-10394 An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. CVE-2024-10396 A malicious server can crash the OpenAFS cac...

[SECURITY] [DSA 5842-1] openafs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5842-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2025 https://www.debian.org/security/faq -...

CVE-2024-10396

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...

DEBIAN-CVE-2024-10396

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...