VYPR

Dumbassets

by Dumbwareio

Source repositories

CVEs (2)

  • CVE-2026-45230CriMay 18, 2026
    risk 0.52cvss 9.1epss 0.01

    DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation.…

  • CVE-2026-45231MedMay 18, 2026
    risk 0.33cvss 6.1epss 0.00

    DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers…