3 matches found
CVE-2026-28679
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system...
CVE-2025-41035
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
CVE-2025-41035
appRain CMF 4.0.5 contains an authenticated path traversal vulnerability in the /apprain/common/download/ endpoint. The issue arises from handling of base64-encoded path parameters after /download/, allowing an attacker with sufficient permissions to access files outside the document root. Connec...