5 matches found
CVE-2026-42886
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...
CVE-2020-36887
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
PT-2025-50511
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
CVE-2025-24960 Missing Input validation for filename in backups endpoint in Jellystat
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the routes. This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admins, there is very little scope for abuse. However, the DELETE...
CVE-2025-24960 Missing Input validation for filename in backups endpoint in Jellystat
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the routes. This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admins, there is very little scope for abuse. However, the DELETE...