12 matches found
CVE-2026-57957
Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with...
CVE-2026-57957
Summary (CVE-2026-57957): Papermark up to version 0.22.0 has a CORS misconfiguration in the TUS-based viewer upload endpoint. This flaw reflects arbitrary request Origins with Access-Control-Allow-Credentials set to true, enabling unauthenticated remote attackers to perform credentialed cross-ori...
Papermark 0.20.0 Path Traversal
Papermark version 0.20.0 suffers from an authenticated path traversal vulnerability. // Exploit Title: Papermark 0.20.0 - Path Traversal Authenticated // Date: 2026-01-28 // Exploit Author: Eui Chul Chung // Vendor Homepage: https://www.papermark.com/ // Software Link:...
EUVD-2025-30811
Malicious code in bioql PyPI...
CVE-2025-57682
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...
CVE-2025-57682
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...
CVE-2025-57682
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...
Papermark Security Vulnerability
Papermark is document analysis software by Marc Seitz, an individual developer. A security vulnerability exists in Papermark 0.20.0 and prior versions, which stems from improperly restricting access via the POST /api/file/s3/get-presigned-get-url-proxy API, which could allow an authenticated...
PT-2025-38726
Name of the Vulnerable Software and Affected Versions: Papermark versions prior to 0.20.0. Description: An issue exists in Papermark that allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution. This is possible via the 'POST...
CVE-2025-57682
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...
CVE-2025-57682
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...
CVE-2025-57682
Papermark 0.20.0 and earlier versions contain an authenticated path traversal vulnerability. An attacker can abuse the POST /api/file/s3/get-presigned-get-url-proxy endpoint to retrieve arbitrary files from the associated S3 bucket by manipulating the key parameter (as shown in the PacketStorm ex...