Lucene search
K

34 matches found

Cvelist
Cvelist
added 2026/06/16 9:43 p.m.26 views

CVE-2026-47277 Runtipi: Unauthenticated arbitrary file read through app-store logo symlinks

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS0.00399EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 9:43 p.m.23 views

CVE-2026-47277

Runtipi pre-4.10.0 is affected by an unauthenticated arbitrary file read through app-store logo symlinks. In versions 4.9.1–4.9.3, the public endpoint serves marketplace logos from files inside cloned app-store repositories; a logo symlink (e.g., metadata/logo.jpg) can cause the target file to be...

6.5CVSS5.3AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50119

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS5.4AI score0.00399EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31881

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

9.8CVSS5.9AI score0.0043EPSS
Exploits1References1
NVD
NVD
added 2026/03/16 2:19 p.m.5 views

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.8CVSS0.0034EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.18 views

Runtipi 安全漏洞

Runtipi is an open-source family server orchestrator developed by Runtipi. Versions of Runtipi prior to 4.8.1 contained security vulnerabilities. These vulnerabilities stemmed from the/api/auth/verify-totp endpoint, which did not enforce any rate limits or account locking mechanisms. This allowed...

8.8CVSS5.8AI score0.0034EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/13 9:41 p.m.2 views

CVE-2026-32729 Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS5.9AI score0.0034EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/13 9:41 p.m.49 views

CVE-2026-32729 Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS0.0034EPSS
Exploits1References1
CVE
CVE
added 2026/03/13 9:41 p.m.21 views

CVE-2026-32729

Runtipi CVE-2026-32729: The /api/auth/verify-totp endpoint lacks rate limiting, attempt counting, and account lockout prior to version 4.8.1, allowing brute-forcing of a 6-digit TOTP if valid credentials are known. The TOTP verification session lasts ~24 hours (default cache TTL), enabling a larg...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/13 9:41 p.m.4 views

CVE-2026-32729 Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS5.9AI score0.0034EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/13 9:41 p.m.7 views

EUVD-2026-12180

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS5.9AI score0.0034EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25401

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/03/11 6:37 p.m.1 views

CVE-2026-31881 Runtipi unauthenticated /api/auth/reset-password allows operator account takeover during active reset window

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

7.7CVSS5.9AI score0.0043EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 6:37 p.m.3 views

EUVD-2026-11294

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

7.7CVSS5.9AI score0.0043EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 6:37 p.m.13 views

CVE-2026-31881

CVE-2026-31881 (Runtipi): Affects the Runtipi personal homeserver orchestrator. Before version 4.8.0, an unauthenticated attacker could exploit the password reset flow at POST /api/auth/reset-password during an active 15-minute reset window to set a new operator password and gain admin access, ca...

9.8CVSS5.9AI score0.0043EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Runtipi 访问控制错误漏洞

Runtipi is an open-source family server orchestrator developed by Runtipi. Versions of Runtipi prior to 4.8.0 contained a security vulnerability related to access control. This vulnerability stemmed from an unvalidated password reset endpoint, which could lead to account takeover attacks...

9.8CVSS5.8AI score0.0043EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24792

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

7.7CVSS5.9AI score0.0043EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.7 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

8.8CVSS6AI score0.00566EPSS
Exploits1References1
NVD
NVD
added 2026/01/29 10:15 p.m.10 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

8.8CVSS0.00566EPSS
Exploits1References2
Rows per page
Query Builder