CVE-2026-40188

goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4...

PT-2026-32038

Name of the Vulnerable Software and Affected Versions: goshs versions 1.0.7 through 2.0.0-beta.4 Description: goshs is a SimpleHTTPServer written in Go. The SFTP command rename sanitizes only the source path and not the destination, allowing a write outside of the root directory of the SFTP. This...

CVE-2026-35393 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory not sanitized. This vulnerability is fixed in 2.0.0-beta.3...

CVE-2026-34581

goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...

CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

PT-2025-36452

Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 2.0.0-beta Description: The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. This allows malicious...

Dcat Admin 安全漏洞

Dcat Admin is a backend system builder based on the secondary development of laravel-admin by Jiang Qinghua. A security vulnerability exists in Dcat Admin v2.2.0-beta and v2.2.2-beta, which was discovered to contain a cross-site scripting vulnerability via /admin/auth/menu and...

ABCD2 跨站脚本漏洞

ABCD2 is an ABCD open source software suite for library and documentation center automation. A cross-site scripting vulnerability exists in ABCD2 2.2.0-beta-1 and earlier versions, which stems from some unknown handling of the file /buscarintegrada.php, where manipulation of the parameter...

FreeRDP Denial of Service Vulnerability (CNVD-2017-25707)

FreeRDP is a free, open source implementation of the Remote Desktop Protocol RDP developed by the FreeRDP team. A denial of service vulnerability exists in FreeRDP version 2.0.0-beta1+android11. A remote attacker can exploit this vulnerability to cause a denial of service with the help of special...