
7 matches found

Snyk
added 2026/04/03 3:14 p.m. | 3 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the file content endpoint. An attacker can access files belonging to other users by supplying a valid file identifier associated with the target user's files. Note: Vendor's statement...

CVSS 5.3 | AI score 5.7 | EPSS 0.00221
Exploits: 0 | References: 2
SUSE CVE
added 2026/03/28 12:25 a.m. | 6 views

SUSE CVE-2026-33528

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

CVSS 6.5 | AI score 5.9 | EPSS 0.00502
Exploits: 1 | References: 3
RedhatCVE
added 2026/03/27 10:51 p.m. | 3 views

CVE-2026-33528

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

CVSS 6.5 | AI score 5.9 | EPSS 0.00502
Exploits: 1 | References: 1
CVE
added 2026/03/26 7:24 p.m. | 9 views

CVE-2026-33528

GoDoxy contains a path traversal vulnerability in its file content API: an HTTP request to /api/v1/file/content with a crafted filename parameter can bypass validation and cause access outside the intended config directory by exploiting how the path is joined with ConfigBasePath. An authenticated at...

CVSS 6.5 | AI score 5.8 | EPSS 0.00502
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/03/24 12:0 a.m. | 4 views

PT-2026-27624

Name of the Vulnerable Software and Affected Versions: GoDoxy versions prior to 0.27.5. Description: GoDoxy, a reverse proxy and container orchestrator, contains a path traversal flaw in the file content API endpoint at /api/v1/file/content. The filename query parameter is directly used in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00502
Exploits: 1 | References: 6
OSV
added 2026/01/13 8:35 p.m. | 5 views

GHSA-VXW4-WV6M-9HHH OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

Previously reported via email to [email protected] on 2025-11-17 per the security policy in opencode-sdk-js/SECURITY.md. No response received. Summary: OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary...

CVSS 8.8 | AI score 7.6 | EPSS 0.16955
Exploits: 7 | References: 4
Zero Science Lab
added 2025/10/16 12:0 a.m. | 124 views

Ilevia EVE X1 Server 4.7.18.0.eden Parameter Traversal Arbitrary File Access

Summary: EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

CVSS 8.7 | AI score 5.9 | EPSS 0.00604
Exploits: 4