CVE-2026-41308

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...

CVE-2026-41308

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...

EUVD-2026-28646

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...

CVE-2026-41308 Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...

CVE-2026-41308

Password Pusher exposes a vulnerability (CVE-2026-41308) where unauthenticated creation of file-type pushes is possible via a generic JSON API create path, bypassing the authentication boundary under certain configurations. Affected versions prior to 1.69.3 and 2.4.2 are fixed in 1.69.3 and 2.4.2...

PT-2026-39010

Name of the Vulnerable Software and Affected Versions Password Pusher versions prior to 1.69.3 Password Pusher versions prior to 2.4.2 Description An issue in the generic JSON API create path allows unauthenticated users to create file-type pushes under certain configurations, bypassing the...

Password Pusher 安全漏洞

Password Pusher is an open-source application developed by Peter Giacomo Lombardo, used for transmitting sensitive information over the internet. Versions of Password Pusher prior to 1.69.3 and 2.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the ability to create...

EUVD-2024-45558

Malicious code in bioql PyPI...

EUVD-2024-3353

Malicious code in bioql PyPI...

CVE-2024-52796

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...

CVE-2024-56733

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect session duration. This allows attackers to gain unauthorized access and disclose the protected information.

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect session duration. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access and disclose the protected information...

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, due to improper session management, allows attackers to gain unauthorized access to the system.

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to improper session management. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to the system...

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, due to weak password requirements, allows attackers to carry out brute-force attacks.

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to weak password requirements. Exploiting this vulnerability can allow a remote attacker to carry out a brute-force attack...

CVE-2024-51989

Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting XSS vulnerability was identified in the PasswordPusher application, affecting versions v1.41.1 through and including v.1.48.0. The issue arises from an un-sanitized parameter...

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to an incorrect session timeout restriction, allowing attackers to gain unauthorized access to the system.

The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect time-out restrictions on sessions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system using o...

CVE-2024-56733

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...

Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

Session Fixation

Overview Affected versions of this package are vulnerable to Session Fixation where an attacker can copy the session cookie before a user logs out. Note: This is only exploitable if the attacker manages to capture the session cookie before the log out process. Workaround Self-hosting users are...

CVE-2024-56733

CVE-2024-56733 affects Password Pusher (versions ≤ 1.50.3). A vulnerability allows an attacker to copy the session cookie before logout, potentially enabling session hijacking until the token expires or is cleared. Root cause centers on accessing an active session cookie (e.g., MITM, XSS, or loca...