CVE-2019-20452

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

EUVD-2019-10999

Malware in sbrugna...

EUVD-2024-54428

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-9642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by...

Pydio Core <= 8.2.5 XSS Vulnerability

Pydio Core is prone to a cross-site scripting XSS vulnerability via the New URL Bookmark feature. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

Pydio Core End of Life (EOL) Detection

The Pydio Core version on the remote host has reached the end of life EOL and should not be used anymore. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

PT-2025-17202 · Unknown · Pydio Core

Name of the Vulnerable Software and Affected Versions: Pydio Core versions 8.2.5 and earlier Description: The issue is related to Cross Site Scripting XSS via the New URL Bookmark feature. This allows for potential malicious script execution. Recommendations: For Pydio Core versions 8.2.5 and...

CVE-2024-40124

Summary (CVE-2024-40124): Pydio Core versions up to 8.2.5 are vulnerable to a cross-site scripting (XSS) flaw in the New URL Bookmark feature. The issue is confirmed across multiple sources (OpenVAS, Red Hat, CVE records). Remediation: upgrade to a version later than 8.2.5 or apply the hotfix/pat...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

Pydio Core 安全漏洞

Pydio Core is a document sharing and collaboration platform core program from Pydio, Inc. A security vulnerability exists in Pydio Core 8.2.5 and earlier versions, which stems from a cross-site scripting vulnerability in the New URL Bookmark feature...

Pydio Core and Pydio Enterprise Injection Vulnerabilities

Pydio AjaXplorer is a web-based remote file manager. The manager supports uploading and downloading files, online file editing, image previewing and more. A security vulnerability exists in the plugins/uploader.http/HttpDownload.php file in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2....

CVE-2019-20453

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

CVE-2019-20453

CVE-2019-20453 affects Pydio Core (before 8.2.4) and Pydio Enterprise (before 8.2.4). A PHP object injection flaw exists in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. Public details across mult...

CVE-2019-20453

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

CVE-2019-20452

Summary: CVE-2019-20452 affects Pydio Core (pre-8.2.4) and Pydio Enterprise (pre-8.2.4). A PHP object injection vulnerability resides in plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. The issue is do...

UBUNTU-CVE-2019-9642

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...