CVE-2026-42453

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...

CVE-2026-42453

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...

GO-2025-3965 Dragonfly doesn't have authentication enabled for some Manager’s endpoints in d7y.io/dragonfly

Dragonfly doesn't have authentication enabled for some Manager’s endpoints in d7y.io/dragonfly...

CVE-2025-59345

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

Dragonfly doesn't have authentication enabled for some Manager’s endpoints

Impact The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

CVE-2025-59345

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create...

CVE-2025-59345 Dragonfly did not enable authentication for some Manager’s endpoints

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create...

CVE-2025-41058 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...