39 matches found
CVE-2026-44542 FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As a result, an...
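The ordering problem described above (join the untrusted segment first, sanitize afterwards) is easy to reproduce and to fix in isolation. The following is an added example written for this page, not FileBrowser's own code, and in Python rather than the project's Go; the share root `/srv/shares/abc123` is a made-up path.

```python
import posixpath

# Hypothetical share root; an assumption for this example, not a real FileBrowser path.
SHARE_ROOT = "/srv/shares/abc123"


def resolve_join_first(base: str, user_path: str) -> str:
    """The vulnerable order: join the untrusted segment onto the trusted base, then
    normalize. The ".." segments are collapsed against the base and walk out of it, and
    an absolute user_path makes posixpath.join discard the base entirely."""
    return posixpath.normpath(posixpath.join(base, user_path))


def resolve_checked(base: str, user_path: str) -> str:
    """Hardened order: strip leading slashes so the input can only ever be relative,
    normalize the joined path, then prove the result is still under base.
    The trailing "/" in the prefix test stops "/srv/shares/abc1234" from passing as a
    child of "/srv/shares/abc123"."""
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, user_path.lstrip("/")))
    if candidate != base and not candidate.startswith(base + "/"):
        raise ValueError(f"path escapes share root: {user_path!r}")
    return candidate


def is_inside(base: str, user_path: str) -> bool:
    """Predicate form of resolve_checked, convenient for probing a list of payloads."""
    try:
        resolve_checked(base, user_path)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for probe in ("docs/report.pdf", "../../etc/passwd", "/etc/passwd", "../abc1234/x"):
        print(f"{probe!r:22} join-first -> {resolve_join_first(SHARE_ROOT, probe)!r:28} "
              f"checked -> {'inside' if is_inside(SHARE_ROOT, probe) else 'REJECTED'}")
```

The check is purely lexical: in a real server it must run after any percent-decoding the framework performs, and the final path should additionally be resolved with `os.path.realpath` so a symlink inside the share cannot point outside it.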
FileBrowser Quantum Security Vulnerability
FileBrowser Quantum is a file manager developed by Graham Steffaniak. Versions of FileBrowser Quantum prior to 1.3.1-beta and 1.2.2-stable contained security vulnerabilities. These vulnerabilities stemmed from the fact that tokenized download URLs were still exposed through /public/api/share/info...
CVE-2025-48106
Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files. This issue affects Clanora: from n/a through 1.3.1...
PT-2025-43162
Name of the Vulnerable Software and Affected Versions CMSSuperHeroes Clanora versions prior to 1.3.1 Description The software contains a flaw related to unrestricted file uploads, potentially allowing the use of malicious files. This could allow an attacker to upload files of dangerous types...
Linux Distros Unpatched Vulnerability : CVE-2018-3719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the...
CVE-2025-58067
CVE-2025-58067 affects Basecamp’s google_sign_in gem for Rails before 1.3.1. The issue allows a redirect to another origin when the session key proceed_to is a protocol-relative URL, potentially set by a malicious site via form submission and then used in an OAuth2 request. The vulnerability reli...
Google Sign-In for Rails Input Validation Error Vulnerability
Google Sign-In for Rails is Basecamp's open source software for signing in using Google for Rails applications. An input validation error vulnerability exists in Google Sign-In for Rails versions prior to 1.3.1, which stems from the possibility that the proceed_to value could be redirected to...
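Both entries above describe the same mechanism: a protocol-relative value such as `//evil.example/...` is stored in the session as a local path and later used as a redirect target. The following is an added example for this page, not the google_sign_in gem's code, and in Python rather than Ruby; the session is a plain dict and the attacker-controlled values are constructed. It rejects anything that a browser would resolve to another origin rather than trying to enumerate safe hosts.

```python
def safe_proceed_to(value, default: str = "/") -> str:
    """Return value only if it is a same-origin absolute path; otherwise fall back to default."""
    if not isinstance(value, str) or not value:
        return default
    # Browsers strip leading control characters and mishandle embedded whitespace; refuse
    # all of them (spaces in a legitimate path should be percent-encoded anyway).
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in value):
        return default
    # Browsers treat a backslash like a forward slash, so "/\evil.example" is an authority.
    if "\\" in value:
        return default
    # A same-origin target is a path with exactly one leading slash. "//host" is a
    # protocol-relative URL, and WHATWG URL parsing also turns "///host" into an
    # authority for http(s), so any "//" prefix is rejected. Absolute URLs and bare
    # scheme prefixes ("https:evil.example") do not start with "/" and fail here too.
    if not value.startswith("/") or value.startswith("//"):
        return default
    return value


def redirect_after_oauth(session: dict, default: str = "/") -> str:
    """Target of the redirect issued when the OAuth2 flow completes. The session value
    may have been planted by a cross-site form submission, so it is never trusted as-is."""
    return safe_proceed_to(session.get("proceed_to"), default)


if __name__ == "__main__":
    # Constructed session states: one legitimate, the rest planted by a malicious site.
    for planted in ("/account/settings", "//evil.example/phish", "///evil.example",
                    "/\\evil.example", "https://evil.example/", "javascript:alert(1)"):
        print(f"{planted!r:28} -> {redirect_after_oauth({'proceed_to': planted})}")
```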
CVE-2023-0234
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue...
anything-llm Security Vulnerability
anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in versions of anything-llm prior to 1.3.1, which stems from the multer library's mishandling of path traversal for non-ASCII filenames, which could lead to arbitrary file...
Laravel Pulse Security Vulnerability
Laravel Pulse is an open source real-time application performance monitoring tool and dashboard for Laravel applications from The Laravel Framework. A security vulnerability exists in Laravel Pulse versions prior to 1.3.1, which stems from a remote code execution weakness that can ...
WordPress Plugin Check (PCP) plugin < 1.3.1 - Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability discovered by NinTechNet in the WordPress Plugin Check (PCP) plugin, versions before 1.3.1...
PT-2024-35952 · Unknown · Centurion Erp
Name of the Vulnerable Software and Affected Versions: Centurion ERP versions prior to 1.3.1 Description: A user with view permissions for a ticket can view the tickets of another organization they are not a part of, if they have specific permissions such as view ticket change, view ticket...
Jamf Compliance Editor Security Vulnerability
Jamf Compliance Editor is a tool from Jamf-Concepts Individual Developers that provides macOS and iOS/iPadOS system administrators with an easy way to establish and manage compliance baselines on their Apple device fleets. A security vulnerability exists in versions of Jamf Compliance Editor prior t...
PYSEC-2024-52
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
PT-2024-27665 · Unknown +2 · Lepture Authlib +2
Name of the Vulnerable Software and Affected Versions: lepture Authlib versions prior to 1.3.1 Description: The issue concerns algorithm confusion with asymmetric public keys in lepture Authlib. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetri...
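The two Authlib entries above (PYSEC-2024-52 and PT-2024-27665) describe the classic JWT algorithm-confusion attack: the verifier reads `alg` from the untrusted header, the attacker declares `HS256`, and the server's RSA public key, which the attacker also holds, becomes the HMAC secret. The following is an added example for this page, not Authlib's code: it builds a minimal JWT encoder and verifier around a toy RSA key pair (two Mersenne primes, no padding, never for real use) so the whole thing runs offline, and the `algorithms` parameter on `decode` is mine, not Authlib's API. It goes one step beyond the snippet by showing the forged token accepted by the unpinned verifier and rejected by the pinned one.

```python
import base64
import hashlib
import hmac
import json

# Toy RSA key pair, constructed for this example only: two Mersenne primes, far too small
# for real use. PUBLIC_KEY stands in for the PEM bytes a server would load from disk.
# pow(E, -1, phi) needs Python 3.8+.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_KEY = json.dumps({"kty": "toy-RSA", "n": N, "e": E}).encode()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _digest_int(data: bytes, n: int) -> int:
    # Textbook "hash, then exponentiate" with no padding: enough to show the key-confusion flaw.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(signing_input: bytes, d: int) -> bytes:
    s = pow(_digest_int(signing_input, N), d, N)
    return s.to_bytes((N.bit_length() + 7) // 8, "big")


def rsa_verify(public_key: bytes, signing_input: bytes, sig: bytes) -> bool:
    key = json.loads(public_key)
    return pow(int.from_bytes(sig, "big"), key["e"], key["n"]) == _digest_int(signing_input, key["n"])


def encode(payload: dict, alg: str, key) -> str:
    header = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    signing_input = f"{header}.{body}".encode()
    if alg == "HS256":
        sig = hmac.new(key, signing_input, hashlib.sha256).digest()  # key: shared secret bytes
    elif alg == "RS256":
        sig = rsa_sign(signing_input, key)                            # key: private exponent
    else:
        raise ValueError(f"unsupported alg {alg!r}")
    return f"{header}.{body}.{_b64(sig)}"


def decode(token: str, key: bytes, algorithms=None) -> dict:
    """algorithms=None reproduces the flawed behaviour: the verification algorithm is taken
    from the attacker-controlled header. Pinning algorithms rejects the forgery before any
    signature math runs, so the public key is never used as an HMAC secret."""
    h, b, s = token.split(".")
    alg = json.loads(_unb64(h)).get("alg")
    if algorithms is not None and alg not in algorithms:
        raise ValueError(f"alg {alg!r} not permitted; expected one of {list(algorithms)}")
    signing_input = f"{h}.{b}".encode()
    sig = _unb64(s)
    if alg == "HS256":
        ok = hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig)
    elif alg == "RS256":
        ok = rsa_verify(key, signing_input, sig)
    else:
        raise ValueError(f"unsupported alg {alg!r}")
    if not ok:
        raise ValueError("signature verification failed")
    return json.loads(_unb64(b))


def forge_with_public_key(payload: dict) -> str:
    """Attacker side: only the public key is needed. Declare HS256 and use the public key
    bytes as the HMAC secret; a verifier that trusts the header HMACs with the same bytes."""
    return encode(payload, "HS256", PUBLIC_KEY)


def demo() -> dict:
    legit = encode({"sub": "alice"}, "RS256", D)
    forged = forge_with_public_key({"sub": "admin"})
    out = {
        "legit_unpinned": decode(legit, PUBLIC_KEY)["sub"],
        "forged_unpinned": decode(forged, PUBLIC_KEY)["sub"],   # accepted: the flaw
        "legit_pinned": decode(legit, PUBLIC_KEY, algorithms=["RS256"])["sub"],
    }
    try:
        decode(forged, PUBLIC_KEY, algorithms=["RS256"])
        out["forged_pinned"] = "accepted"
    except ValueError:
        out["forged_pinned"] = "rejected"
    return out


if __name__ == "__main__":
    print(demo())
```

Pinning the algorithm list at the call site is the caller-side defence; a library-side defence is to refuse an HMAC algorithm whenever the supplied key is an asymmetric key object rather than raw secret bytes, so that a caller who forgets to pin is still protected. Either way, the decision must be made before the signature is checked, as `decode` does above.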
PT-2024-23279 · Unknown · Wholesalex
Name of the Vulnerable Software and Affected Versions: WholesaleX versions prior to 1.3.1 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have access to it...
CVE-2023-41738
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Directory Domain Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
Silicon Labs Unify Gateway Buffer Error Vulnerability
Silicon Labs Unify Gateway is a gateway device in an Internet of Things IoT solution from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Unify Gateway version 1.3.1 and prior versions, which originates from a stack buffer overflow that can lead to arbitrary code execution...
Nanoleaf Desktop App Command Injection Vulnerability
Nanoleaf Desktop App is a desktop application from Nanoleaf, Inc. for controlling and managing the settings and features of Nanoleaf smart light panels. A security vulnerability exists in Nanoleaf Desktop App versions prior to 1.3.1 that stems from the presence of a command injection vulnerabilit...
PT-2023-14976 · Nanoleaf · Nanoleaf Desktop App
Name of the Vulnerable Software and Affected Versions: Nanoleaf Desktop App versions prior to 1.3.1 Description: A command injection issue was discovered, which can be exploited through a crafted HTTP request. Recommendations: For versions prior to 1.3.1, update to version 1.3.1 or later to resol...