
10 matches found

CVE
added 2026/01/27 9:11 p.m., 9 views

CVE-2026-24741

Summary: CVE-2026-24741 affects ConvertX, a self-hosted online file converter. Versions prior to 0.17.0 allow a crafted filename in the POST /delete endpoint to form a filesystem path and call unlink without proper validation, enabling path traversal (e.g., ../) to delete arbitrary files outside ...

CVSS 8.1, AI score 5.9, EPSS 0.00151
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2026/01/27 9:11 p.m., 3 views

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertX is a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences (e.g., ../), an attacker can...

CVSS 8.1, AI score 5.9, EPSS 0.00151
Exploits: 1, References: 4
Vulnrichment
added 2026/01/27 9:11 p.m., 5 views

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertX is a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences (e.g., ../), an attacker can...

CVSS 8.1, AI score 5.9, EPSS 0.00151
Exploits: 1, References: 2
Cvelist
added 2026/01/27 9:11 p.m., 17 views

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertX is a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences (e.g., ../), an attacker can...

CVSS 8.1, EPSS 0.00151
Exploits: 1, References: 2
CNNVD
added 2026/01/27 12:0 a.m., 2 views

ConvertX path traversal vulnerability

ConvertX is a file format conversion tool developed by the ConvertX company. Versions of ConvertX prior to 0.17.0 contained a path traversal vulnerability. This vulnerability stemmed from the POST /delete endpoint using user-controlled filename values to construct file system paths and performing...

CVSS 8.1, AI score 5.8, EPSS 0.00151
Exploits: 1, References: 3
OSV
added 2025/12/16 12:10 a.m., 1 views

CVE-2025-66449 ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user-supplied data without doi...

CVSS 8.8, AI score 7.5, EPSS 0.00156
Exploits: 1, References: 5
Vulnrichment
added 2025/12/16 12:10 a.m., 1 views

CVE-2025-66449 ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user-supplied data without doi...

CVSS 8.8, AI score 7.2, EPSS 0.00156
Exploits: 1, References: 3
CNNVD
added 2025/12/16 12:0 a.m., 1 views

ConvertX security vulnerability

ConvertX is a file format conversion tool from ConvertX, Inc. A security vulnerability exists in ConvertX versions prior to 0.16.0 that stems from the upload function not cleaning up filenames, which could lead to arbitrary files being written and arbitrary code being executed...

CVSS 8.8, AI score 7.2, EPSS 0.00156
Exploits: 1, References: 4
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in convertx (npm)

The package convertx was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-17526 Malicious code in convertx (npm)

The package convertx was found to contain malicious code...

AI score 7.2
Exploits: 0