123 matches found
CVE-2026-56768
Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...
CVE-2026-56768
Vulnerability summary (CVE-2026-56768): Seahub versions before 13.0.23 fail to enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated access when a folder share-link token is present. An attacker can call the GET endpoint to obtain a fileserver zip token ...
CVE-2026-46492
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...
CVE-2026-46492 md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...
CVE-2026-46492
Before version 1.10.3, md-fileserver renders Markdown content containing HTML unsafely; this causes raw HTML such as [removed] in user-supplied Markdown content to be injected into the page unsafely. Affected components include Markdo...
md-fileserver security vulnerability
md-fileserver is a local Markdown file browser and rendering server developed by Commenthol as an individual project. Versions of md-fileserver prior to 1.10.3 contained security vulnerabilities. These vulnerabilities stemmed from the Markdown rendering logic’s failure to clean up the embedded...
CVE-2026-46492
creationtimestamp | type | source
---|---|---
2026-05-14 19:57:57+00:00 | published-proof-of-concept | https://github.com/commenthol/md-fileserver/security/advisories/GHSA-32q2-hhr5-6qvv
2026-06-09 17:11:57+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnuowoqpot2g...
Improper Neutralization of Equivalent Special Elements
Overview: github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver is a fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS. Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in matcher.go, when matching filenam...
WeKan access control error vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan 8.20 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of files in the “Fileserver/methods/fixDuplicateLists.js” component by the...
EUVD-2020-1326
Malware in sbrugna...
EUVD-2012-4528
Malware in sbrugna...
EUVD-2016-10573
Malware in sbrugna...
EUVD-2009-2539
Malware in sbrugna...
EUVD-2024-33419
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-3088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an...
ClearML < 1.16.0 Unauthenticated File Access
According to its banner, the version of ClearML running on the remote host is 1.16.0. It is, therefore, affected by an Unauthenticated File Access due to the lack of authentication of the fileserver component. Note that the scanner has not tested for these issues but has instead relied only on th...
[SECURITY] [DLA 4168-1] openafs security update
Debian LTS Advisory DLA-4168-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz May 17, 2025 https://wiki.debian.org/LTS -...
Linux Distros Unpatched Vulnerability : CVE-2024-10396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and...
copyparty renders unsanitized filenames as HTML when user uploads empty files
Summary: A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details: By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary JavaScript with the...
MGASA-2025-0013 Updated openafs packages fix security vulnerabilities
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client (CVE-2024-10394). An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash (CVE-2024-10396). A malicious server can crash the OpenAFS cac...