20 matches found
CVE-2026-9519
A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect. The manipulation of the argument redirect results in cross site scripting. The attack m...
CVE-2026-9519 stonith404 pingvin-share Sign-in Auto-Redirect signIn.tsx getServerSideProps cross site scripting
A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect. The manipulation of the argument redirect results in cross site scripting. The attack m...
EUVD-2026-31778
A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect. The manipulation of the argument redirect results in cross site scripting. The attack m...
CVE-2026-9519
CVE-2026-9519 affects stonith404 pingvin-share
CVE-2026-9519
A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect. The manipulation of the argument redirect results in cross site scripting. The attack m...
Pingvin Share 代码注入漏洞
Pingvin Share is a self-hosted file sharing platform developed by Elias Schneider as an individual project. Versions of Pingvin Share prior to 1.13.0 contain a code injection vulnerability. This vulnerability stems from improper handling of the redirect parameter in the getServerSideProps functio...
CVE-2026-44196
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...
CVE-2026-44196
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...
CVE-2026-44196 Pingvin Share X: TOTP Authentication Bypass via Password-only Login
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...
CVE-2026-44196
Pingvin Share X (self-hosted file sharing) from versions 1.14.1–1.16.2 contains a critical authentication bypass that allows an attacker with valid credentials to skip the second-factor (TOTP) requirement. The attacker still needs the user’s password to reach this stage. The issue is fixed in 1.1...
CVE-2026-44196 Pingvin Share X: TOTP Authentication Bypass via Password-only Login
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...
PT-2026-40332
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...
Pingvin Share 授权问题漏洞
Pingvin Share is a self-hosted file sharing platform developed by Elias Schneider as an individual project. Versions of Pingvin Share from 1.14.1 to 1.16.2 have vulnerabilities related to authorization. These vulnerabilities stem from critical authentication bypass exploits, which could allow...
CVE-2025-22137
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated if anonymous shares are allowed user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...
CVE-2025-22137
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated if anonymous shares are allowed user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...
CVE-2025-22137
Pingvin Share (self-hosted file sharing platform) is affected by CVE-2025-22137. The vulnerability allows an authenticated or unauthenticated user (if anonymous shares are allowed) to overwrite arbitrary files on the server via HTTP POST requests. The issue is addressed in version 1.4.0. The avai...
CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated if anonymous shares are allowed user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...
CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated if anonymous shares are allowed user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...
CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated if anonymous shares are allowed user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...
Pingvin Share 代码问题漏洞
Pingvin Share is a self-hosted file sharing platform by Elias Schneider Personal Developer. A code issue vulnerability exists in Pingvin Share versions 0.6.0 through 1.3.0. An attacker can exploit the vulnerability to overwrite arbitrary files on the server via an HTTP POST request...