19 matches found
SUSE CVE-2026-25059
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
SUSE CVE-2026-25060
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig function in internal/conf/config.go. This vulnerability enables...
CVE-2026-25059
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
CVE-2026-25060
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig function in internal/conf/config.go. This vulnerability enables...
CVE-2026-25059
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
CVE-2026-25060
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig function in internal/conf/config.go. This vulnerability enables...
CVE-2026-25059
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
OpenList Frontend 路径遍历漏洞
OpenList Frontend is an open-source application developed by the OpenList Team, designed to protect open-source projects from trust-based attacks. Versions of OpenList Frontend prior to 4.1.10 contained a path traversal vulnerability. This vulnerability stemmed from file operation handlers that...
PT-2026-5724
Name of the Vulnerable Software and Affected Versions OpenList versions prior to 4.1.10 Description The OpenList application disables TLS certificate verification by default for all outgoing storage driver communications, creating a risk of Man-in-the-Middle MitM attacks. This allows attackers to...
OpenList Frontend 安全漏洞
OpenList Frontend is an open-source application developed by the OpenList Team, designed to protect open-source projects from trust-based attacks. Versions of OpenList Frontend prior to 4.1.10 contained security vulnerabilities; these vulnerabilities stemmed from the default disabling of TLS...
EUVD-2025-18905
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
@openlist-frontend/openlist-frontend is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper handling of .py files containing JavaScript within...
CVE-2025-50183
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in...
CVE-2025-50183
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...
CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...
CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...
CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...
OpenList Frontend 跨站脚本漏洞
OpenList Frontend is an OpenList Team open source application that protects open source projects from trust-based attacks. A cross-site scripting vulnerability exists in OpenList Frontend versions prior to 4.0.0-rc.4, which stems from a .py file in the file preview feature that may be interpreted...
PT-2025-26200 · Unknown · Openlist Frontend
Name of the Vulnerable Software and Affected Versions: OpenList Frontend versions prior to 4.0.0-rc.4 Description: A stored XSS vulnerability exists in the file preview/browsing feature of the application. This occurs when files with a .py extension containing JavaScript code wrapped in tags are...