17 matches found
GO-2026-5746 Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker
Docker: PUT /containers/id/archive executes container binary on the host in github.com/docker/docker...
Improper Authorization
code.gitea.io/gitea is vulnerable to improper authorization. The vulnerability is due to the /archive/ endpoint not enforcing OAuth2 download token scope validation checkDownloadTokenScope or CheckRepoScopedToken, which allows an attacker with an OAuth2 token to download repository archives witho...
GHSA-CR4G-F395-H25H Gitea: Token scope bypass on web archive download endpoint
Summary PR 37698 added checkDownloadTokenScope to /raw/, /media/, and attachment download web endpoints. The /archive/ endpoint repo.Download in routers/web/repo/repo.go:372 was not included in the fix. This endpoint accepts OAuth2 tokens via webAuth.AllowOAuth2 registered at...
PT-2026-50134
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description A scope escalation issue exists in the web archive download endpoint. A personal access token with any non-repository scope, such as read:issue or read:misc, can be used to download full...
CVE-2026-46612
Fission StorageSvc exposes archive CRUD endpoints (/v1/archive and /v1/archives) on the HTTP router without authentication prior to v1.23.0, allowing any caller within the same Kubernetes cluster to enumerate archive IDs, download archives from other tenants, upload arbitrary content, and delete ...
CVE-2026-46612 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...
CVE-2026-46612 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...
CVE-2026-8502
Technical details for CVE-2026-8502 are not provided in the connected documents; the available description notes exposure via c_status and return_type in LearnPress
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...
GHSA-CHF8-4HV6-8PG6 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...
PT-2026-41765
Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description When handling 'PUT /containers/id/archive' requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect operation ordering, these binaries a...
CVE-2026-42455
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...
CVE-2026-1870
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804: Bitbucket Remote Command Execution RCE...
SUSE CVE-2025-43919
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...
UBUNTU-CVE-2025-43919
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...
PT-2021-17859 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: Seo Panel version 4.8.0 Description: A cross-site scripting XSS issue allows remote attackers to inject JavaScript via the "archive.php" endpoint and the search name parameter. Recommendations: For Seo Panel version 4.8.0, consider disabling...