10 matches found
CVE-2026-40885 goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...
CVE-2026-33738
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
CVE-2026-33738 Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint)
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
CVE-2026-33738
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
CVE-2026-33738 Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint)
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
EUVD-2026-16417
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
PT-2026-28519
Name of the Vulnerable Software and Affected Versions Lychee versions prior to 7.5.3 Description Lychee is a free, open-source photo-management tool. Before version 7.5.3, the photo description field was stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped outpu...
CVE-2025-60016
creationtimestamp| type| source ---|---|--- 2025-10-15 15:31:29+00:00| seen| https://vulnerability.circl.lu/bundle/834a30cc-c06c-49b3-9157-eb77f711c73f 2025-10-16 09:05:24+00:00| seen| https://circl.lu/pub/tr-96/ 2025-10-17 13:38:40+00:00| seen|...
CVE-2009-0557
creationtimestamp| type| source ---|---|--- 2023-06-14 21:10:02+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-12-05 03:21:11+00:00| seen| https://t.me/arpsyndicate/1378 2024-12-24 20:32:01+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971626 2025-02-23 02:09:59+00:00|...
CVE-2025-34119
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/easycafeserverfileaccess.rb 2025-09-09 20:56:45+00:00| seen| MISP/2bceffac-02c3-4c54-a709-6e253b38ec76 2025-10-23 21:13:04+00:00|...