VYPR

npm package

@sync-in/server

pkg:npm/%40sync-in/server

Vulnerabilities (2)

  • CVE-2026-41161MedMay 8, 2026
    affected < 2.2.0fixed 2.2.0

    Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the applicatio

  • CVE-2025-67438Feb 20, 2026
    affected < 1.9.3fixed 1.9.3

    A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive