25 matches found
CVE-2025-27142
LocalSend (before v1.17.0) has a path-traversal flaw in the file upload flow that allows writing files to arbitrary locations via the vulnerable endpoints, enabling remote command execution. The issue stems from missing path sanitization in the following endpoints: POST /api/localsend/v2/prepare-...
CVE-2025-27142 LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands
LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...
LocalSend path traversal vulnerability
LocalSend is an open-source, cross-platform alternative to AirDrop by LocalSend Open Source. A path traversal vulnerability exists in LocalSend versions prior to 1.17.0, which stems from insufficient path sanitization. An attacker exploiting this vulnerability could remotely execute commands...
PT-2025-7912 · Localsend · Localsend
Name of the Vulnerable Software and Affected Versions: LocalSend versions prior to 1.17.0
Description: The issue arises from the missing sanitization of the path in the "POST /api/localsend/v2/prepare-upload" and "POST /api/localsend/v2/upload" endpoints, allowing a malicious file transfer reques...