25 matches found
CVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
CVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
CVE-2026-25154 LocalSend has Stored XSS in Web Share Interface via Filename
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
CVE-2026-25154 LocalSend has Stored XSS in Web Share Interface via Filename
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
CVE-2026-25154
CVE-2026-25154 affects LocalSend (versions up to and including 1.17.0). The Red Hat/NVD/OSV/CVE list entries describe a Stored XSS vulnerability in the Web Share Interface via the filename, with the client-side logic in app/assets/web/main.js and a patch in commit 8f3cec85aa29b2b13fed9b2f8e499e1a...
CVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
CVE-2026-25154 LocalSend has Stored XSS in Web Share Interface via Filename
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
LocalSend cross-site scripting vulnerability
LocalSend is an open-source alternative to AirDrop developed by LocalSend. Versions of LocalSend 1.17.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web interface client’s logic, which posed a risk of cross-site scripting attacks, potentially...
EUVD-2025-23410
Malicious code in bioql PyPI...
CVE-2025-54792
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792
LocalSend (open-source file sharing app) is affected in versions 1.16.1 and earlier. A vulnerability in the discovery protocol permits an unauthenticated attacker on the same local network to impersonate legitimate devices, enabling silent interception and modification of file transfers. Impact i...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
PT-2025-31704 · Localsend · Localsend
Name of the Vulnerable Software and Affected Versions: LocalSend versions 1.16.1 and earlier Description: LocalSend is an open-source application designed for secure file and message sharing between nearby devices on local networks without requiring an internet connection. A critical...
LocalSend 安全漏洞
LocalSend is an open source cross-platform alternative to AirDrop by LocalSend Open Source. A security vulnerability exists in LocalSend 1.16.1 and earlier versions, which stems from the discovery of a man-in-the-middle attack vulnerability in the protocol that could lead to file transfer...
CVE-2025-27142
LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...
CVE-2025-27142
LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...
CVE-2025-27142 LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands
LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...