Lucene search
K

87 matches found

Nuclei
Nuclei
added yesterday13 views

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS5.9AI score0.00648EPSS
Exploits1References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42152

An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...

5.4CVSS6AI score0.00141EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-36163

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

5.4CVSS0.00141EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-36162

An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...

5.4CVSS0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago24 views

CVE-2026-36163

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

0.00141EPSS
Exploits0References2
CVE
CVE
added 4 days ago12 views

CVE-2026-36163

CVE-2026-36163 describes an HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7. Authenticated attackers can upload and interact with a crafted HTML file to trigger arbitrary JavaScript execution in the victim’s browser. The affected component is the file view handling pa...

5.4CVSS6.2AI score0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-36162

An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...

0.00141EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-36162

CVE-2026-36162 : LiquidFiles v4.2.7 contains an authenticated stored XSS in the Upload File Shares API. An attacker can inject a crafted payload into the Name parameter to execute arbitrary Javascript/HTML in the user context. CVSSv3.1 base score 5.4 (Medium); attack vector: network; privileges r...

5.4CVSS6AI score0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 2:16 p.m.11 views

CVE-2026-12673

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 12:36 p.m.27 views

CVE-2026-12673

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS0.0026EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 12:36 p.m.8 views

CVE-2026-12673

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS5.8AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:36 p.m.11 views

EUVD-2026-38111

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS5.8AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 12:36 p.m.32 views

CVE-2026-12673

Summary: Liquidfiles before 4.2.12 has a broken access control vulnerability that allows privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in the managed secondary (non-default) group. Affected product/version: Liquidfiles

5.9CVSS5.8AI score0.0026EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/04/30 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

7.3CVSS5.3AI score0.00648EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4393

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...

6.1CVSS6.8AI score0.00309EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-21453

Malware in sbrugna...

9CVSS9.1AI score0.01639EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-17077

Malware in sbrugna...

5.4CVSS5.6AI score0.0136EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-21454

Malware in sbrugna...

6.1CVSS6.3AI score0.007EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2025/10/05 1:15 p.m.227 views

Exploit for CVE-2025-56132

CVE-2025-56132 - LiquidFiles User Enumeration POC Vulnerab...

7.3CVSS6.4AI score0.00648EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-54257

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00309EPSS
Exploits0References1
Rows per page
Query Builder