Lucene search
+L

30 matches found

Cvelist
Cvelist
added 2026/02/25 11:16 p.m.23 views

CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...

6.8CVSS0.00262EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 11:16 p.m.6 views

CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...

6.8CVSS5.5AI score0.00262EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/25 11:10 p.m.3 views

CVE-2026-27635

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...

8.8CVSS5.8AI score0.0037EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/25 11:10 p.m.17 views

CVE-2026-27635

Manyfold prior to version 0.133.0 is vulnerable to remote code execution via ZIP filename during render generation. A logged-in user could upload a ZIP containing a file with a shell metacharacter in its name, allowing the filename to reach an unsanitized Ruby backtick call. Version 0.133.0 fixes...

8.8CVSS5.4AI score0.0037EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/25 11:10 p.m.27 views

CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...

7.5CVSS0.0037EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 11:10 p.m.5 views

CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...

7.5CVSS5.4AI score0.0037EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/25 11:10 p.m.7 views

EUVD-2026-8766

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...

7.5CVSS5.4AI score0.0037EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 11:10 p.m.8 views

CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...

7.5CVSS5.5AI score0.0037EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.11 views

PT-2026-22041

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...

6.8CVSS5.4AI score0.00262EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.8 views

PT-2026-22040

Name of the Vulnerable Software and Affected Versions Manyfold versions prior to 0.133.0 Description Manyfold is a self-hosted web application used for managing 3D models, with a focus on 3D printing. Prior to version 0.133.0, a logged-in user could achieve Remote Code Execution RCE when model...

8.8CVSS6AI score0.0037EPSS
Exploits1References10
Rows per page
Query Builder