35 matches found
CVE-2026-42564
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
CVE-2026-42564
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
EUVD-2026-29329
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
CVE-2026-42564
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
CVE-2026-42564 jotty·page: Unauthenticated Path Traversal leads to sensitive file disclosure and session-token reuse impact
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
CVE-2026-42564 jotty·page: Unauthenticated Path Traversal leads to sensitive file disclosure and session-token reuse impact
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
CVE-2026-42564
CVE-2026-42564 affects jotty.page (self-hosted notes/checklists app). Before version 1.22.0, there is an unauthenticated path traversal in the /api/app-icons/[filename] endpoint: the filename parameter is directly joined into a filesystem path without traversal/boundary validation, allowing reads...
PT-2026-39853
Name of the Vulnerable Software and Affected Versions jotty·page versions prior to 1.22.0 Description An unauthenticated path traversal issue exists in the '/api/app-icons/filename' endpoint. The filename route parameter is joined into a filesystem path without proper traversal or boundary...
EUVD-2022-49544
Malicious code in bioql PyPI...
EUVD-2023-38258
Malicious code in bioql PyPI...
Malicious code in @gmgn/app-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84805b96dd0a60155a6fa059a708837254facd211be9d7b614fae3a5fdeffa70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 42 Update: gotify-desktop-1.3.7-5.fc42
Small Gotify daemon to receive messages and forward them as desktop notificat ions. Read Gotify messages, and forward them as standard desktop notification . Forward message priority. Auto reconnect if server connection is lost and g et missed messages. Automatically download, cache, and show app...
CVE-2023-34160
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled...
CVE-2023-34167
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled...
CVE-2022-46761
The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons...
[SECURITY] Fedora 40 Update: gotify-desktop-1.3.7-4.fc40
Small Gotify daemon to receive messages and forward them as desktop notificat ions. Read Gotify messages, and forward them as standard desktop notification . Forward message priority. Auto reconnect if server connection is lost and g et missed messages. Automatically download, cache, and show app...
CVE-2023-34167
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled...
CVE-2023-34158
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled...
CVE-2023-34160
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled...
CVE-2023-34160
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled...