EUVD-2026-39520

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

CVE-2026-56768

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

CVE-2026-56768

Vulnerability summary (CVE-2026-56768) Seahub versions before 13.0.23 fail to enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated access when a folder share-link token is present. An attacker can call the GET endpoint to obtain a fileserver zip token ...

SUSE CVE-2018-13684

The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

CVE-2018-13684

The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

Integer overflow

The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...