CVE-2026-42886

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...

PT-2024-39221 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.9 Description: The issue allows unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on th...