88 matches found
USN-8359-1 nncp vulnerability
It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...
CVE-2026-20167
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this...
SUSE CVE-2026-29060
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with...
CVE-2026-30961
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an...
GHSA-45VH-RPC8-HXPP Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
Summary The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size...
CVE-2026-29060
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with...
CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...
CVE-2026-29061
Gokapi CVE-2026-29061 summary (based on connected docs): Gokapi is a self-hosted file sharing server. Before version 2.2.3, a privilege-escalation flaw in the user rank demotion logic allows a demoted user’s existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, ...
CVE-2026-29060 Gokapi: Privilege escalation with auth token
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with...
CVE-2026-29060
Gokapi CVE-2026-29060 affects pre-2.2.3 builds of Gokapi (self-hosted file sharing with encryption). Registered users without rights to create/modify file requests could generate a short‑lived API key and perform those actions, an issue patched in 2.2.3 per CVE description. SUSE and PTSecurity en...
GHSA-Q658-HFPG-35QC Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
Summary A privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, enabling continued access to upload-request management and log viewing endpoints after the user has been...
Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
Summary A privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, enabling continued access to upload-request management and log viewing endpoints after the user has been...
GHSA-M2HX-WJXC-9FP4 Gokapi has privilege escalation with auth token
Impact A registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with Gokapi. If you do not have any other users with access to the admin/upload menu, you are not impacted. Patches...
Gokapi has privilege escalation with auth token
Impact A registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with Gokapi. If you do not have any other users with access to the admin/upload menu, you are not impacted. Patches...
PT-2026-23604
Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.3 Description Gokapi is a self-hosted file sharing server that supports automatic expiration and encryption. A registered user lacking the necessary permissions to create or modify file requests can generate a...
PT-2026-23605
Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.3 Description Gokapi is a self-hosted file sharing server that includes automatic expiration and encryption support. A flaw in the user rank demotion logic allows a demoted user’s existing API keys to retain...
Arbitrary Client-Side File Disclosure
aiomysql is vulnerable to Arbitrary Client-Side File Disclosure. The vulnerability is due to the client not validating server requests for local files, and attackers can exploit this by running a rogue MySQL server that sends LOADLOCAL packets to request and retrieve arbitrary files from the clie...
Pi-Hole Adminlte Injection Vulnerability
Pi-Hole Adminlte is a control panel. It is used for statistics... An injection vulnerability exists in Pi-Hole Adminlte versions prior to 6.3 that stems from a failure to properly sanitize input when redirecting requests for files with the .lp extension, which could lead to a CRLF injection...