30 matches found
CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
CVE-2026-27635
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
CVE-2026-27635
Manyfold prior to version 0.133.0 is vulnerable to remote code execution via ZIP filename during render generation. A logged-in user could upload a ZIP containing a file with a shell metacharacter in its name, allowing the filename to reach an unsanitized Ruby backtick call. Version 0.133.0 fixes...
CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
EUVD-2026-8766
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
PT-2026-22041
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...
PT-2026-22040
Name of the Vulnerable Software and Affected Versions Manyfold versions prior to 0.133.0 Description Manyfold is a self-hosted web application used for managing 3D models, with a focus on 3D printing. Prior to version 0.133.0, a logged-in user could achieve Remote Code Execution RCE when model...