CVE-2026-48777

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted...

CVE-2026-48777

CVE-2026-48777 — FileBrowser Quantum has a path-traversal in the public share PATCH endpoint. Versions prior to 1.3.2-stable, 1.4.0-beta, and 1.4.1-beta allow an attacker with a public share link that has AllowModify=true to move, copy, or rename files outside the share root by abusing publicPatc...

TYPO3 CMS: Destructive Actions on File Mount Folders

Problem Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...

GHSA-QCMW-6RM2-5X78 TYPO3 CMS has Broken Access Control in its DataHandler

Problem Backend users were able to move records to a different page without having edit permissions on the source page. Solution Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team...

TYPO3 CMS has Broken Access Control in its DataHandler

Problem Backend users were able to move records to a different page without having edit permissions on the source page. Solution Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team...

CVE-2026-47350

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

CVE-2026-47350

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2026-47350 TYPO3 CMS - Broken Access Control in DataHandler

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2026-47350

Technical details about CVE-2026-47350 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-47350 TYPO3 CMS - Broken Access Control in DataHandler

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

PT-2026-48169

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

EUVD-2026-34918

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

CVE-2026-11429

Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any location writable by th...

CVE-2026-11429

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

CVE-2026-44655

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

GHSA-X628-457G-2PW9 Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders

Summary modules/documents-files.php gates state-changing modes by checking that the actor has hasUploadRight on the URL parameter folderuuid. The movesave handler then operates on a separate URL parameter fileuuid and calls File::moveToFolder$destFolderUUID. File::moveToFolder checks the upload...

PT-2026-45041

Summary modules/documents-files.php gates state-changing modes by checking that the actor has hasUploadRight on the URL parameter folder uuid. The move save handler then operates on a separate URL parameter file uuid and calls File::moveToFolder$destFolderUUID. File::moveToFolder checks the uploa...

CVE-2026-44655

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...