2 matches found
CVE-2026-24741
Summary: CVE-2026-24741 affects ConvertX, a self-hosted online file converter. Versions prior to 0.17.0 allow a crafted filename in the POST /delete endpoint to form a filesystem path and call unlink without proper validation, enabling path traversal (e.g., ../) to delete arbitrary files outside ...
CVE-2025-66449
ConvertX is affected by an arbitrary file write and code execution vulnerability in versions prior to 0.16.0. The issue stems from the /upload endpoint, where the file.name parameter is taken directly from user input without sanitization, enabling an authenticated attacker to overwrite system bin...