100 matches found
CVE-2026-48944
Summary: CVE-2026-48944 affects the K2 Joomla extension (getk2.com) where the frontend article-save handler accepts a parameter attachment[N][existing] that is concatenated with JPATH_SITE/ and passed to JFile::copy(). Since JPath::clean does not strip “..” and there is no allow-list of source pa...
CVE-2026-48944
The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...
CVE-2026-52799 Gogs: Missing Authorization in Attachment Download
Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...
CVE-2026-52799
Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...
CVE-2026-52799
Gogs (version
GHSA-P9F5-H3RX-J5QW Gogs Missing Authorization in Attachment Download
Summary In Gogs 0.14.1, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we confirmed that an unauthenticated user ca...
CVE-2026-40514
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...
CVE-2026-42071
Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...
EUVD-2026-33027
Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...
Mantis Bug Tracker 安全漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a security vulnerability. This vulnerability stemmed from a lack of authorization checks in the file visibility function, allowing authenticated user...
Trilium Notes 路径遍历漏洞
Trilium Notes is a hierarchical note application developed by Zadam’s individual developer. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contained a path traversal vulnerability. This vulnerability originated from local files and could allow...
EUVD-2026-30178
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...
CVE-2026-29205
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...
CVE-2026-29205
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...
CVE-2026-40514
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...
CVE-2026-40514
SmarterTools SmarterMail builds prior to 9610 are affected by a cryptographic weakness in file and email sharing endpoints. DES-CBC is used with keys and IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to about 19,000 values. An unauthenticated attacker ca...
CVE-2026-32255
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
CVE-2026-32255
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...