
16 matches found

NVD
added 2026/04/02 7:21 p.m. · 1 view

CVE-2026-34745

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...

CVSS 9.1 · EPSS 0.00115
Exploits 1 · References 4

Cvelist
added 2026/04/02 6:38 p.m. · 14 views

CVE-2026-34745 Unauthenticated Path Traversal Arbitrary File Write in /api/uploadChunked/public

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...

CVSS 9.1 · EPSS 0.00115
Exploits 1 · References 4

Vulnrichment
added 2026/04/02 6:38 p.m. · 1 view

CVE-2026-34745 Unauthenticated Path Traversal Arbitrary File Write in /api/uploadChunked/public

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...

CVSS 9.1 · AI score 5.9 · EPSS 0.00115
Exploits 1 · References 4

CVE
added 2026/04/02 6:38 p.m. · 3 views

CVE-2026-34745

Fireshare: CVE-2026-34745 is an unauthenticated path-traversal/arbitrary file-write vulnerability in the public chunked-upload endpoint (/api/uploadChunked/public). Before 1.5.3, the fix applied to the authenticated endpoint (/api/uploadChunked) was not propagated to the public one, allowing an a...

CVSS 9.1 · AI score 5.9 · EPSS 0.00115
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2026/04/02 12:00 a.m. · 1 view

PT-2026-29874

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...

CVSS 9.1 · AI score 5.9 · EPSS 0.00115
Exploits 1 · References 8

RedhatCVE
added 2026/01/09 10:57 a.m. · 1 view

CVE-2022-38538

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module...

CVSS 9.8 · AI score 8.4 · EPSS 0.00322
Exploits 0 · References 1

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-41117

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00322
Exploits 0 · References 3

OSV
added 2022/09/13 3:15 p.m. · 11 views

CVE-2022-38538

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module...

CVSS 9.8 · AI score 8.2
Exploits 0 · References 3

ATTACKERKB
added 2022/09/13 3:15 p.m. · 1 view

CVE-2022-38538

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module...

CVSS 9.8 · AI score 5.8 · EPSS 0.00322
Exploits 0 · References 4

Positive Technologies
added 2022/09/13 12:00 a.m. · 2 views

PT-2022-24444 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery versions 1.7.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the checksum parameter in the report module. Recommendations: For versions 1.7.0 through 1.8.5, a...

CVSS 9.8 · AI score 9.6 · EPSS 0.00322
Exploits 0 · References 6

CNNVD
added 2022/09/13 12:00 a.m. · 1 view

Archery SQL Injection Vulnerability

Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.7.0 through v1.8.5, which stems from the checksum parameter in the report module containing a SQL injection vulnerability...

CVSS 9.8 · AI score 8.5 · EPSS 0.00322
Exploits 0 · References 4

CVE
added 2022/09/13 12:00 a.m. · 50 views

CVE-2022-38538

Archery v1.7.0–v1.8.5 contains a SQL injection vulnerability in the report module exposed via the checksum parameter. The issue affects versions 1.7.0 through 1.8.5; the underlying cause is a vulnerable handling of the checksum parameter in the report module (no further technical details provided...

CVSS 9.8 · AI score 9.8 · EPSS 0.00322
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2021/10/06 12:00 a.m. · 2 views

Jenkins Cross-Site Scripting Vulnerability

Jenkins is an open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in Jenkins Git Plugin 4.8.2 and earlier versions that stems from not bypassin...

CVSS 6.1 · AI score 6.4 · EPSS 0.006
Exploits 0 · References 12

CNNVD
added 2021/07/22 12:00 a.m. · 2 views

Huawei OxfordS-AN00A Input Validation Error Vulnerability

Huawei OxfordS-AN00A is a smartphone from Huawei China. The Huawei OxfordS-AN00A is vulnerable to an input validation error, which stems from a missing parameter checksum. An attacker could trick users into installing a malicious app, which could modify specific parameters and cause the system to...

CVSS 5.5 · AI score 5.6 · EPSS 0.00077
Exploits 0 · References 3

CNVD
added 2018/06/01 12:00 a.m. · 2 views

Quest KACE System Management Appliance Path Traversal Vulnerability

Quest KACE System Management Appliance is an IT asset management appliance from Quest Software, USA. A path traversal vulnerability exists in Quest KACE System Management Appliance version 8.0.318. The vulnerability can be exploited to read arbitrary files via the 'checksum' parameter in the...

CVSS 6.5 · AI score 6.8 · EPSS 0.00443
Exploits 3 · References 1

OSV
added 2018/05/31 6:29 p.m. · 0 views

CVE-2018-11137

The 'checksum' parameter of the '/common/downloadattachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script...

CVSS 6.5 · AI score 6
Exploits 0 · References 1