25 matches found
SUSE CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25161
CVE-2026-25161 affects Alist up to version 3.56.x, with a path traversal flaw in multiple file operation handlers. By injecting traversal sequences into filename components, an authenticated user can bypass directory-level authorisation and perform unauthorised removal, movement, or copying of fi...
CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25160 Alist has Insecure TLS Config
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25160
CVE-2026-25160 affects Alist prior to 3.57.0, where TLS certificate verification is disabled by default for all outgoing storage communications. This insecure TLS configuration enables potential Man-in-the-Middle (MitM) attacks, allowing interception, decryption, and possible tampering of data du...
CVE-2026-25160 Alist has Insecure TLS Config
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
Improper Certificate Validation
Overview github.com/alist-org/alist/v3/server/handles is a file listing program powered by Gin and Solidjs Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...
PT-2026-6278
Name of the Vulnerable Software and Affected Versions Alist versions prior to 3.57.0 Description Alist, a file list program powered by Gin and Solidjs, has a configuration issue where TLS certificate verification is disabled by default for all outgoing storage driver communications. This allows f...
CVE-2023-33271
An issue was discovered in DTS Monitoring 3.57.0. The parameter commonname within the SSL Certificate check function is vulnerable to OS command injection blind...
CVE-2023-33269
An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection blind...
DTS Monitoring Operating System Command Injection Vulnerability
DTS Monitoring is an information system monitoring platform from DTS Corporation. An operating system command injection vulnerability exists in DTS Monitoring version 3.57.0, which stems from the options parameter in the WGET check function being susceptible to operating system command injection...
DTS Monitoring Operating System Command Injection Vulnerability
DTS Monitoring is an information system monitoring platform from DTS Corporation. An operating system command injection vulnerability exists in DTS Monitoring version 3.57.0, which originates from the commonname parameter in the SSL certificate check function being susceptible to operating system...