CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

198 matches found

GithubExploit•added 2026/04/06 3:17 p.m.•89 views

Exploit for Incorrect Authorization in Pydio Cells

CVE-2023-32749 | Pydio Cells Unauthorised Role Assignment Exp...

8.8CVSS7.2AI score0.55608EPSS

Exploits6

RedhatCVE•added 2026/01/09 11:36 a.m.•4 views

CVE-2021-41324

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files or Cells files belonging to any user via the nodes parameter for Copy and Move or via the Path parameter for Delete...

6.5CVSS6.7AI score0.00374EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:56 a.m.•8 views

CVE-2020-12851

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders repositories by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...

8.1CVSS6.7AI score0.01245EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:56 a.m.•4 views

CVE-2020-12852

The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating it...

8.5CVSS7.1AI score0.01409EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:55 a.m.•7 views

CVE-2020-12847

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is...

7.2CVSS6.7AI score0.01494EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:55 a.m.•8 views

CVE-2020-12849

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user...

5.4CVSS6.9AI score0.0063EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:55 a.m.•6 views

CVE-2020-12850

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF such as version 2.0.3 have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the...

7CVSS7.2AI score0.00077EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:29 a.m.•5 views

CVE-2019-12903

Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information...

4.3CVSS6.7AI score0.00226EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:28 a.m.•9 views

CVE-2019-12901

Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation...

8.8CVSS7AI score0.00685EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:27 a.m.•5 views

CVE-2019-12902

Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data...

6.5CVSS6.8AI score0.0031EPSS

Exploits0References1