Webmin 安全漏洞

Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.640 contained a security vulnerability, which stemmed from the insecure construction of the attachment save file name in the mailboxes/detachall.c...

PT-2026-42024

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

PT-2026-32930

Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...

CVE-2020-26178

In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated...