25 matches found
EUVD-2026-25150
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
PsiTransfer Path Traversal Vulnerability
PsiTransfer is a simple, self-hosted file sharing solution developed by Christoph Wiechert. Versions of PsiTransfer prior to 2.4.3 contained a path traversal vulnerability. This vulnerability stemmed from the PATCH upload process, which validated the encoded request paths, but the downstream TUS...
PT-2026-34592
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
GHSA-533Q-W4G6-5586 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart
Summary: The upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In deployments that use a supported custom PSITRANSFER_UPLOAD_DIR whose basename prefixes a...
EUVD-2025-205843
PsiTransfer has Zip Slip Path Traversal via TAR Archive Download...
GHSA-XPHH-5V4R-R3RX PsiTransfer has Zip Slip Path Traversal via TAR Archive Download
Summary: A Zip Slip vulnerability in PsiTransfer allows an unauthenticated attacker to upload files with path traversal sequences in the filename, e.g. ../../../.ssh/authorized_keys. When a victim downloads the bucket as a .tar.gz archive and extracts it, malicious files are written outside the...
Zip Slip
Overview: psitransfer is a simple open source self-hosted file sharing solution. Affected versions of this package are vulnerable to Zip Slip in the archive download functionality in endpoints.js. An attacker can write arbitrary files outside the intended extraction directory by uploading files wi...
CVE-2024-31454
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...
CVE-2024-31453
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...
CVE-2024-31454
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...
CVE-2024-31453
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...
CVE-2024-31454 PsiTransfer file integrity violation vulnerability
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...
CVE-2024-31454 PsiTransfer file integrity violation vulnerability
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...
CVE-2024-31454
PsiTransfer (open-source file sharing) prior to version 2.2.0 is vulnerable due to unrestricted upload-endpoint access, where an attacker who obtains a file distribution id can replace files within that distribution. This leads to integrity violations at the level of individual files, as exposed ...
CVE-2024-31454 PsiTransfer file integrity violation vulnerability
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...
CVE-2024-31453
PsiTransfer is affected by two CVEs: CVE-2024-31453 and CVE-2024-31454, both prior to version 2.2.0. The issue in CVE-2024-31453 arises from lack of endpoint restrictions that let an attacker push arbitrary files into a file distribution bucket, enabling manipulation of the distribution and poten...
CVE-2024-31453 PsiTransfer vulnerable to violation of the integrity of file distribution
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...
CVE-2024-31453 PsiTransfer vulnerable to violation of the integrity of file distribution
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...
CVE-2024-31453 PsiTransfer vulnerable to violation of the integrity of file distribution
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...
PsiTransfer Security Vulnerability
PsiTransfer is a simple open source hosted file sharing solution from the individual developer Christoph Wiechert. A security vulnerability exists in PsiTransfer versions prior to 2.2.0, which stems from an unrestricted endpoint that allows an attacker who receives a file distribution ID to alter...