48 matches found
8.19.16, 9.3.5 Security Update (ESA-2026-33)
Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a...
CVE-2026-40491
gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...
UBUNTU-CVE-2026-40491
gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...
GHSA-69HX-63PV-F8F4 Ech0 has Stored XSS via SVG Upload and Content-Type Validation Bypass in File Upload
Summary The file upload endpoint validates Content-Type using only the client-supplied multipart header, with no server-side content inspection or file extension validation. Combined with an unauthenticated static file server that determines Content-Type from file extension, this allows an admin ...
Ech0 has Stored XSS via SVG Upload and Content-Type Validation Bypass in File Upload
Summary The file upload endpoint validates Content-Type using only the client-supplied multipart header, with no server-side content inspection or file extension validation. Combined with an unauthenticated static file server that determines Content-Type from file extension, this allows an admin ...
Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
Summary The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size...
GHSA-45VH-RPC8-HXPP Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
Summary The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size...
CVE-2026-2589
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...
SUSE CVE-2026-25242
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
CVE-2026-25242
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
CVE-2026-25242
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
CVE-2026-25242 Gogs allows unauthenticated file uploads
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
CVE-2026-25242 Gogs allows unauthenticated file uploads
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
GHSA-FC3H-92P8-H36F Unauthenticated File Upload in Gogs
Security Advisory:Unauthenticated File Upload in Gogs Vulnerability Type: Unauthenticated File Upload Date: Aug 5, 2025 Discoverer: OpenAI Security Research Summary Gogs exposes unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any...
PT-2026-20323
Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Gogs versions prior to 0.14.1 Description Gogs, a self-hosted Git service, has an issue where unauthenticated file upload is possible by default. When the RequireSigninView setting is disabled which is the defaul...
CVE-2026-22257
CVE-2026-22257 (Salvo) : The Rust web framework Salvo is vulnerable prior to 0.88.1 due to the list_html function in the serve-static directory not sanitizing file/folder names when generating a folder view. This can enable stored cross-site scripting (XSS) when a site serves public files and use...
PT-2025-53386
Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1 Description A path traversal weakness exists in Tenda CH22 version 1.0.0.1. This issue impacts an unknown function within the /public/ file. Remote attackers can exploit this to perform path traversal. The exploit is...
CVE-2025-14159
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
PT-2025-50925
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ays sccp results export file' AJAX action. This makes it possible for unauthenticate...
EUVD-2025-176692
Malicious code in report-serialize-rho-public-file npm...