7 matches found

Snyk
added 6 days ago, 0 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the campaign import. An attacker can write arbitrary files to sensitive directories by uploading specially crafted ZIP archives containing malicious file paths. This can lead to overwriting internal configuration...

CVSS 9.9 | AI score 6.3 | EPSS 0.00209
Exploits: 0 | References: 2

Snyk
added 2026/04/08 12:04 a.m., 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and download files without authentication by using a valid but outdated...

CVSS 8.2 | AI score 5.8 | EPSS 0.00069
Exploits: 1 | References: 2

NVD
added 2026/04/07 5:16 p.m., 1 view

CVE-2026-35604

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

CVSS 8.2 | EPSS 0.00069
Exploits: 1 | References: 2

CVE
added 2026/04/07 4:22 p.m., 4 views

CVE-2026-35604

The CVE affects File Browser prior to v2.63.1 where public share links created by a user remain accessible to unauthenticated users after the share and download permissions are revoked. The root cause is that the public share download handler does not re-check the share owner’s current permission...

CVSS 8.2 | AI score 5.9 | EPSS 0.00069
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/01/22 10:16 p.m., 2 views

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVSS 6.5 | EPSS 0.00018
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-19895

Malicious code in bioql PyPI...

CVSS 4.4 | AI score 5.1 | EPSS 0.00029
Exploits: 0 | References: 2

Tenable Nessus
added 2016/07/21 12:00 a.m., 24 views

Moodle 2.6.x < 2.6.11 / 2.7.x < 2.7.8 Multiple Vulnerabilities

Binary data 9426.prm...

CVSS 5.8 | AI score 7.6 | EPSS 0.00435
Exploits: 0 | References: 9