VYPR

Fess

by Codelibs

Source repositories

CVEs (2)

  • CVE-2026-8211MedMay 9, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code…

  • CVE-2025-48382May 27, 2025
    risk 0.00cvss epss 0.00

    Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing…