26 matches found
CVE-2026-27933
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
CVE-2026-27635
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225
Manyfold is exposed to an authorization bypass in older releases. Before version 0.133.1, the get_model method in ModelFilesController loads models with Model.find_param(params[:model_id]) without enforcing policy_scope(), bypassing Pundit authorization, unlike other controllers (e.g., ModelsCont...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-27933
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
CVE-2026-27635
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
Manyfold 代码问题漏洞
Manyfold is a self-hosted web application developed by Manyfold OpenSource. Versions of Manyfold prior to 0.133.0 had code-related vulnerabilities; these vulnerabilities were caused by Cookie leaks in the proxy cache, which could lead to session hijacking...
Manyfold 安全漏洞
Manyfold is a self-hosted web application developed by Manyfold OpenSource. Versions of Manyfold prior to 0.133.1 contained a security vulnerability, which was caused by the getmodel method in the ModelFilesController bypassing Pundit authorization...
PT-2026-22213
Name of the Vulnerable Software and Affected Versions Manyfold versions prior to 0.133.1 Description Manyfold is a self-hosted web application for managing 3d models. A flaw exists in the get model method within the ModelFilesController lines 158-160 where models are loaded using Model.find...
Manyfold 操作系统命令注入漏洞
Manyfold is a self-hosted web application developed by Manyfold OpenSource. Versions of Manyfold prior to 0.133.0 contained an operating system command injection vulnerability. This vulnerability stemmed from uncleaned filenames, which could lead to remote code execution...
CVE-2026-27933
CVE-2026-27933 affects Manyfold, an open‑source self-hosted web app for 3D models. Versions prior to 0.133.0 are vulnerable to a session hijack via cookie leakage in proxy caches; attacking actor could exploit exposed cookies to hijack sessions. The CVSS score provided is 6.8 (Medium) with networ...
CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
CVE-2026-27933
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
CVE-2026-27635
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...