Assigned CVE IDs
【CVE-2026-4588】Pre-Auth shareSafeGroup sk Forgery in kodbox 1.64 Leading to Unauthorized Disclosure of Organization and User Information
【CVE-2026-4589】Post-Auth SSRF in explorer/editor/fileGet via URL Path Parameter
【CVE-2026-4831】Post-Auth Collaborative Share Folder Password Bypass via Direct shareItem → fileOut Access
【CVE-2026-4830】Pre-Auth RCE via Public Editable Share Link Allowing PHP Upload to Web Root
【CVE-2026-4592】Pre-Auth 2FA Bypass via withTfa / wiotTfa Logic Leading to Password-Only Login
【CVE-2026-4590】Pre-Auth OAuth third Parameter Forgery plus CSRF-Bindable unionid Leading to Arbitrary Account Takeover
【CVE-2026-4591】Post-Auth Command Execution via fileThumb ffmpegBin/imagickBin Command Concatenation (V03)
【CVE-2026-6568】KodExplorer v4.52 Pre-Auth Path Traversal in Public Share Allows Escaping the Shared Root to Enumerate Parent Private Directories, Read File Contents, Leak Parent `.oexe` Content, and Download Non-Shared Data
【CVE-2026-6570】KodExplorer v4.52 Post-Auth Authorization Bypass in `systemMember/initInstall` Allows Low-Privilege Users to Reset Other Users’ Directory Mappings
【CVE-2026-6569】KodExplorer v4.52 Pre-Auth Reflected SSRF in `share/fileGet` Allows Unauthenticated Access to Localhost, Internal Services, and Cloud Metadata
【CVE-2026-6571】KodExplorer v4.52 Post-Auth Authorization Bypass in systemRole/get Allows Low-Privilege Users to Modify Global Read-Only Templates and Grant Write Access to Public Group Members
【CVE-2026-6572】KodExplorer v4.52 Pre-Auth Business Logic Bypass in `share/fileUpload` Allows Anonymous File Upload to Shared Folders with `canUpload` Disabled
【CVE-2026-6573】PHPEMS 11.0 Post-Auth SSRF via Controllable `uploadfile` Parameter in `exam-master-exams-temppage`
【CVE-2026-6574】LightPicture (https://github.com/osuuu/LightPicture) v1.2.2 Pre-Auth Hardcoded Static `Secret_key` Allows Administrator API Access and Credential Compromise
【CVE-2026-5618】Kodbox 1.64 Pre-Auth SSRF via Forged ShareOut _check Token