4 matches found

NVD
added 2026/05/11 10:22 p.m., 40 views

CVE-2026-42564

jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...

CVSS 8.2, EPSS 0.00318
Exploits: 0, References: 1

Cvelist
added 2026/05/11 9:17 p.m., 62 views

CVE-2026-42564 jotty·page: Unauthenticated Path Traversal leads to sensitive file disclosure and session-token reuse impact

jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...

CVSS 8.2, EPSS 0.00318
Exploits: 0, References: 1

CVE
added 2026/05/11 9:17 p.m., 21 views

CVE-2026-42564

CVE-2026-42564 affects jotty.page (self-hosted notes/checklists app). Before version 1.22.0, there is an unauthenticated path traversal in the /api/app-icons/[filename] endpoint: the filename parameter is directly joined into a filesystem path without traversal/boundary validation, allowing reads...

CVSS 8.2, AI score 5.8, EPSS 0.00318
Exploits: 0, References: 1

CNNVD
added 2026/05/11 12:0 a.m., 10 views

jotty·page path traversal vulnerability

Jotty·Page is a self-hosted inventory and note management application developed by fccview. Versions of Jotty·Page prior to 1.22.0 contained a path traversal vulnerability. This vulnerability stems from unauthorized path traversal in the /api/appIcons/filename route, which could lead to file...

CVSS 8.2, AI score 5.8, EPSS 0.00318
Exploits: 0, References: 1