Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2026-25726
- EPSS 0.06%
- Veröffentlicht 03.04.2026 20:06:21
- Zuletzt bearbeitet 13.04.2026 18:31:43
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secr...
5.4
CVE-2022-32167
- EPSS 0.22%
- Veröffentlicht 20.09.2022 15:15:10
- Zuletzt bearbeitet 21.11.2024 07:05:52
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.
1