11 matches found
CVE-2026-54096
File Browser exposes a vulnerability: an authenticated user can create a public share for a path that does not yet exist, and that share becomes valid later when a file is created at that path, potentially exposing future files via GET /api/public/dl/. The issue is triggered by POST /api/share/, ...
PT-2026-49068
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.7 Description An authenticated user can create a public share for an arbitrary path that does not yet exist. The system stores the share record without verifying the file's existence. Consequently, if a file...
EUVD-2026-29333
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...
CVE-2026-41649 Outline has IDOR in document share creation that allows unauthorized access to private documents across workspaces
Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...
PT-2026-26891
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when adding a new shar...
Erugo code issues and vulnerabilities
Erugo is an open-source file sharing platform developed by Erugo. Versions of Erugo 0.2.14 and earlier have code vulnerabilities. These vulnerabilities stem from insufficient path validation when creating shares. This allows low-privilege users to upload arbitrary files to designated locations,...
CVE-2025-28142
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V31.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare...
Require statement will allow WhitlistedShareCreators to create a share when share Creation is Restricted
Lines of code Vulnerability details Impact Sharecreators can create new shares even when share creation is restricted. Proof of Concept 1. owner restricts share creation. function restrictShareCreationbool isRestricted external onlyOwner requireshareCreationRestricted != isRestricted, "State...
Creator can earn holder fee
Lines of code Vulnerability details Impact Creator can earn creator and holder as well. Proof of Concept In market.sol contract there is a buy function which cannot be used by creator of share. requireshareDataid.creator != msg.sender, "Creator cannot buy"; However, it's still possible for creato...
Nextcloud 安全特征问题漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a security signature issue vulnerability that stems from the weak complexity of the backup password generated when creating a share,...
Moderate: Red Hat Security Advisory: openstack-manila security update
An update for openstack-manila is now available for Red Hat OpenStack Platform 16 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...