VYPR

Dumbdrop

by Dumbwareio

Source repositories

CVEs (3)

  • CVE-2025-24971CriFeb 4, 2025
    risk 0.55cvss epss 0.03

    DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute…

  • CVE-2025-24891CriJan 31, 2025
    risk 0.55cvss 9.6epss 0.01

    Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's…

  • CVE-2025-47929LowMay 15, 2025
    risk 0.07cvss epss 0.00

    DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a…