CVE-2019-20452

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

EUVD-2019-10999

Malware in sbrugna...

EUVD-2024-54428

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-9642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by...

Pydio Core End of Life (EOL) Detection

The Pydio Core version on the remote host has reached the end of life EOL and should not be used anymore. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Pydio Core <= 8.2.5 XSS Vulnerability

Pydio Core is prone to a cross-site scripting XSS vulnerability via the New URL Bookmark feature. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

PT-2025-17202 · Unknown · Pydio Core

Name of the Vulnerable Software and Affected Versions: Pydio Core versions 8.2.5 and earlier Description: The issue is related to Cross Site Scripting XSS via the New URL Bookmark feature. This allows for potential malicious script execution. Recommendations: For Pydio Core versions 8.2.5 and...

CVE-2024-40124

Summary (CVE-2024-40124): Pydio Core versions up to 8.2.5 are vulnerable to a cross-site scripting (XSS) flaw in the New URL Bookmark feature. The issue is confirmed across multiple sources (OpenVAS, Red Hat, CVE records). Remediation: upgrade to a version later than 8.2.5 or apply the hotfix/pat...

CVE-2024-40124

Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting XSS via the New URL Bookmark feature...

Pydio Core 安全漏洞

Pydio Core is a document sharing and collaboration platform core program from Pydio, Inc. A security vulnerability exists in Pydio Core 8.2.5 and earlier versions, which stems from a cross-site scripting vulnerability in the New URL Bookmark feature...

Pydio Core and Pydio Enterprise Injection Vulnerabilities

Pydio AjaXplorer is a web-based remote file manager. The manager supports uploading and downloading files, online file editing, image previewing and more. A security vulnerability exists in the plugins/uploader.http/HttpDownload.php file in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2....

CVE-2019-20453

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

CVE-2019-20453

CVE-2019-20453 affects Pydio Core (before 8.2.4) and Pydio Enterprise (before 8.2.4). A PHP object injection flaw exists in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. Public details across mult...

CVE-2019-20453

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

CVE-2019-20452

Summary: CVE-2019-20452 affects Pydio Core (pre-8.2.4) and Pydio Enterprise (pre-8.2.4). A PHP object injection vulnerability resides in plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. The issue is do...

UBUNTU-CVE-2019-9642

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...