Lucene search
+L

76 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-33684

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-33684 AVideo's Privilege AVideo: Escalation via Unguarded Permission Parameters in signUp API Allows Self-Granting Upload/Stream/Meet Permissions

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS0.00329EPSS
Exploits0References1
OSV
OSV
added 3 days ago3 views

CVE-2026-33684 AVideo's Privilege AVideo: Escalation via Unguarded Permission Parameters in signUp API Allows Self-Granting Upload/Stream/Meet Permissions

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References3
CVE
CVE
added 3 days ago14 views

CVE-2026-33684

Summary: CVE-2026-33684 affects WWBN AVideo prior to 29.0. The set_api_signUp API path accepts and applies user-supplied emailVerified, canUpload, canStream, and canCreateMeet values to new accounts without confirming a valid APISecret, enabling CAPTCHA-solved (anonymous) or APISecret-authenticat...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44707

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS6.1AI score0.00259EPSS
Exploits0References3
OSV
OSV
added 3 days ago5 views

CVE-2026-62843 File Browser: Archive builder turns backslash filenames into path traversal (zip-slip)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS6.1AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-61504

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-61504

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS0.00173EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-61504

CVE-2026-61504 affects Rejetto HFS 3.0.0–3.2.0, where the basic web listing does not escape file names and can be forced with the browser parameter ?get=basic. This enables stored XSS: a file with a script in its name can execute in the viewer’s browser when the listing is viewed, potentially by ...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 6:3 p.m.2 views

GHSA-J4H9-PM27-4RFW OctoPrint has possible file exfiltration via query parameters on upload endpoints

Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be...

7CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51635

Name of the Vulnerable Software and Affected Versions OctoPrint versions prior to 1.11.8 OctoPrint versions 2.0.0rc1 through 2.0.0rc2 Description An issue exists where an attacker with FILE UPLOAD permissions can exfiltrate files from the host that OctoPrint has read access to by moving them into...

7CVSS6.2AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42885

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS5.5AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 9:26 p.m.15 views

EUVD-2026-30656

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS5.8AI score0.0018EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.14 views

CVE-2026-43876

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail, which substitutes it directly into an HTML email template via strreplace on the message placeholder and...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 8:33 p.m.4 views

CVE-2026-43876 WWBN AVideo: HTML Injection in notifySubscribers.json.php Enables Platform-Branded Phishing Emails to Channel Subscribers

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail, which substitutes it directly into an HTML email template via strreplace on the message placeholder and...

6.4CVSS6AI score0.00156EPSS
Exploits0References4
CVE
CVE
added 2026/05/11 8:33 p.m.14 views

CVE-2026-43876

CVE-2026-43876 describes an HTML injection vulnerability in WWBN AVideo: objects/notifySubscribers.json.php passes $_POST['message'] un sanitized into an HTML email template, then renders it with PHPMailer::msgHTML(). Attacker-controlled HTML is substituted into the email body and, due to a permi...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 7:52 p.m.13 views

CVE-2026-42885 Audiobookshelf: Path prefix bypass in filesystem existence check leaks out-of-scope file existence

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 7:52 p.m.18 views

CVE-2026-42885

CVE-2026-42885 : Audiobookshelf (self-hosted server) has a path-prefix bypass in the POST /api/filesystem/pathexists check. Before version 2.32.2, the code uses String.startsWith() to verify a resolved path is within a library folder, which fails for sibling directories with a shared prefix (for ...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 7:52 p.m.6 views

CVE-2026-42885 Audiobookshelf: Path prefix bypass in filesystem existence check leaks out-of-scope file existence

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS6AI score0.00236EPSS
Exploits0References3
Rows per page
Query Builder