VYPR

Openlist

by Openlistteam

Source repositories

CVEs (2)

  • CVE-2026-25060Feb 2, 2026
    risk 0.00cvss epss 0.00

    OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf/config.go. This…

  • CVE-2026-25059Feb 2, 2026
    risk 0.00cvss epss 0.01

    OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using…