| CVE-2025-54589 |
unknown |
— |
1.0 |
|
|
|
10mo ago |
copyparty Reflected XSS via Filter Parameter |
| CVE-2023-38501 |
unknown |
— |
1.0 |
|
|
|
3y ago |
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is … |
| CVE-2026-32109 |
unknown |
— |
— |
|
|
|
3mo ago |
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html … |
| CVE-2026-32108 |
unknown |
— |
— |
|
|
|
3mo ago |
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies when the shares feature is u… |
| CVE-2026-30974 |
unknown |
— |
— |
|
|
|
3mo ago |
copyparty: volflag `nohtml` did not block javascript in svg files |
| CVE-2026-27948 |
unknown |
— |
— |
|
|
|
3mo ago |
Copyparty vulnerable to reflected XSS via setck parameter |
| CVE-2025-58753 |
unknown |
— |
— |
|
|
|
9mo ago |
copyparty: Sharing a single file does not fully restrict access to other files in source folder |
| CVE-2025-54796 |
unknown |
— |
— |
|
|
|
10mo ago |
copyparty allows Regex Denial of Service (ReDoS) in the upload listing |
| CVE-2025-54423 |
unknown |
— |
— |
|
|
|
10mo ago |
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata |
| CVE-2025-27145 |
unknown |
— |
— |
|
|
|
1y ago |
copyparty renders unsanitized filenames as HTML when user uploads empty files |
| CVE-2023-37474 |
unknown |
— |
— |
|
|
|
3y ago |
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker acc… |
