87 matches found
LiquidFiles < 4.2 - User Enumeration via Password Reset
LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...
EUVD-2026-42152
An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...
CVE-2026-36163
An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...
CVE-2026-36162
An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...
CVE-2026-36163
An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...
CVE-2026-36163
CVE-2026-36163 describes an HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7. Authenticated attackers can upload and interact with a crafted HTML file to trigger arbitrary JavaScript execution in the victim’s browser. The affected component is the file view handling pa...
CVE-2026-36162
An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...
CVE-2026-36162
CVE-2026-36162 : LiquidFiles v4.2.7 contains an authenticated stored XSS in the Upload File Shares API. An attacker can inject a crafted payload into the Name parameter to execute arbitrary Javascript/HTML in the user context. CVSSv3.1 base score 5.4 (Medium); attack vector: network; privileges r...
CVE-2026-12673
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...
CVE-2026-12673
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...
CVE-2026-12673
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...
EUVD-2026-38111
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...
CVE-2026-12673
Summary: Liquidfiles before 4.2.12 has a broken access control vulnerability that allows privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in the managed secondary (non-default) group. Affected product/version: Liquidfiles
VulnCheck KEV: CVE-2025-56132
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...
CVE-2023-4393
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...
EUVD-2020-21453
Malware in sbrugna...
EUVD-2021-17077
Malware in sbrugna...
EUVD-2020-21454
Malware in sbrugna...
Exploit for CVE-2025-56132
CVE-2025-56132 - LiquidFiles User Enumeration POC Vulnerab...
EUVD-2023-54257
Malicious code in bioql PyPI...