19 matches found

Packet Storm
added 2026/01/28 12:0 a.m., 130 views

📄 Papermark 0.20.0 Path Traversal

Papermark version 0.20.0 suffers from an authenticated path traversal vulnerability. // Exploit Title: Papermark 0.20.0 - Path Traversal Authenticated // Date: 2026-01-28 // Exploit Author: Eui Chul Chung // Vendor Homepage: https://www.papermark.com/ // Software Link:...

CVSS 6.5, AI score 5.9, EPSS 0.0035
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-25304

Malicious code in bioql PyPI...

CVSS 5.8, AI score 6, EPSS 0.00002
Exploits: 0, References: 1

RedhatCVE
added 2025/09/24 12:28 a.m., 4 views

CVE-2025-57682

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...

CVSS 6.5, AI score 6.9, EPSS 0.0035
Exploits: 1, References: 1

NVD
added 2025/09/22 4:15 p.m., 3 views

CVE-2025-57682

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...

CVSS 6.5, EPSS 0.0035
Exploits: 1, References: 3

Cvelist
added 2025/09/22 12:0 a.m., 3 views

CVE-2025-57682

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...

EPSS 0.0035
Exploits: 1, References: 3

Positive Technologies
added 2025/09/22 12:0 a.m., 2 views

PT-2025-38726

Name of the Vulnerable Software and Affected Versions Papermark versions prior to 0.20.0 Description An issue exists in Papermark that allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution. This is possible via the 'POST...

CVSS 6.5, AI score 6.6, EPSS 0.0035
Exploits: 1, References: 5

CVE
added 2025/09/22 12:0 a.m., 10 views

CVE-2025-57682

Papermark 0.20.0 and earlier versions contain an authenticated path traversal vulnerability. An attacker can abuse the POST /api/file/s3/get-presigned-get-url-proxy endpoint to retrieve arbitrary files from the associated S3 bucket by manipulating the key parameter (as shown in the PacketStorm ex...

CVSS 6.5, AI score 6.5, EPSS 0.0035
Exploits: 1, References: 3, Affected Software: 1

RedhatCVE
added 2025/05/23 9:55 a.m., 8 views

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVSS 5.8, AI score 7, EPSS 0.00002
Exploits: 0, References: 1

NVD
added 2024/03/06 5:15 p.m., 10 views

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVSS 5.8, AI score 5.7, EPSS 0.00002
Exploits: 0, References: 1

OSV
added 2024/03/06 5:15 p.m., 1 view

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVSS 5.8, AI score 5.8
Exploits: 0, References: 1

Prion
added 2024/03/06 5:15 p.m., 15 views

Code injection

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVSS 5, AI score 7.2, EPSS 0.00002
Exploits: 0, References: 1

Vulnrichment
added 2024/03/06 4:52 p.m., 11 views

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVSS 5.8, AI score 7, EPSS 0.00002
Exploits: 0, References: 1

Cvelist
added 2024/03/06 4:52 p.m., 14 views

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVSS 5.8, AI score 5.9, EPSS 0.00002
Exploits: 0, References: 1

CVE
added 2024/03/06 4:52 p.m., 55 views

CVE-2024-28174

CVE-2024-28174 affects JetBrains TeamCity (pre-2023.11.4) via the S3 Artifact Storage plugin. The root cause is improper authorization of presigned URL generation requests, allowing a remote attacker to bypass existing security restrictions. The public descriptions consistently state the issue af...

CVSS 5.8, AI score 5.7, EPSS 0.00002
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2023/06/08 9:15 p.m., 3 views

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

CVSS 5.4, AI score 6, EPSS 0.01343
Exploits: 4, References: 3

Exploit DB
added 2023/05/31 12:0 a.m., 334 views

Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download

Exploit Title: Pydio Cells 4.1.2 - Cross-Site Scripting XSS via File Download Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...

CVSS 5.4, AI score 5.5, EPSS 0.01343
Exploits: 4

OSV
added 2020/03/30 7:15 p.m., 2 views

CVE-2020-7599

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...

CVSS 6.5, AI score 6.6, EPSS 0.00181
Exploits: 0, References: 2

Snyk
added 2020/03/27 4:46 p.m., 1 view

Insertion of Sensitive Information into Log File

Overview com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin is a plugin that publishes plugins to the Gradle Plugin Portal. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while...

CVSS 6.5, AI score 6.6, EPSS 0.00181
Exploits: 0, References: 2

Hacker One
added 2020/02/05 10:24 p.m., 36 views

Ruby on Rails: ActiveStorage direct upload fails to sign content-length header for S3 service

When a user makes a direct upload using ActiveStorage, the browser makes a request to the DirectUploadsController containing the directupload parameters filename, contenttype, bytesize, and checksum. These are used to generate a presigned url that is then passed back to the browser, allowing the...

CVSS 5, AI score 0.2, EPSS 0.01549
Exploits: 1