SUSE CVE-2026-21889

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2...

Missing Authorization

Copyparty is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check in the shares feature shr global option, which allows an attacker to access sibling files within a shared folder by guessing their filenames, leading to unauthorized data exposure...

EUVD-2025-27474

Malicious code in bioql PyPI...

CVE-2025-58753

Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature the shr global-option. When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...

GHSA-PXVW-4W88-6X95 copyparty: Sharing a single file does not fully restrict access to other files in source folder

There was a missing permission-check in the shares feature the shr global-option. When a share is created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner;...