Lucene search
+L

7 matches found

EUVD
EUVD
added 2026/07/08 12:37 a.m.6 views

EUVD-2026-42152

An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...

5.4CVSS6AI score0.00141EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 7:32 p.m.4 views

CVE-2026-44735 OpenProject: Shares API Information Disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...

6.5CVSS5.9AI score0.0027EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:32 p.m.25 views

CVE-2026-44735 OpenProject: Shares API Information Disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...

6.5CVSS0.0027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:30 a.m.8 views

CVE-2026-8133

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

7.5CVSS6.7AI score0.00272EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2024/06/25 1:0 p.m.5 views

MAL-2024-3008 Malicious code in shares-api (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:0 p.m.1 views

Malicious code in shares-api (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
Snyk
Snyk
added 2023/03/01 8:18 a.m.2 views

Malicious Package

Overview shares-api is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Rows per page
Query Builder