4 matches found
CVE-2026-41308 Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication
Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...
CVE-2026-41308
Password Pusher exposes a vulnerability (CVE-2026-41308) where unauthenticated creation of file-type pushes is possible via a generic JSON API create path, bypassing the authentication boundary under certain configurations. Affected versions prior to 1.69.3 and 2.4.2 are fixed in 1.69.3 and 2.4.2...
CVE-2026-41308 Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication
Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...
Code injection
The Nokia N70 phone allows remote attackers to cause a denial of service continual modal dialogs and UI unavailability by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push...