VYPR
Vendor

Alist

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2023-33498HigJun 7, 2023
    risk 0.57cvss 8.8epss 0.01

    alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.

  • CVE-2022-45969CriDec 15, 2022
    risk 0.57cvss 9.8epss 0.01

    Alist v3.4.0 is vulnerable to Directory Traversal,

  • CVE-2022-45968HigDec 12, 2022
    risk 0.50cvss 8.8epss 0.01

    Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

  • CVE-2023-31726HigMay 23, 2023
    risk 0.49cvss 7.5epss 0.01

    AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.

  • CVE-2022-45970MedDec 12, 2022
    risk 0.35cvss 5.4epss 0.00

    Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.

  • CVE-2022-26533MedMar 12, 2022
    risk 0.33cvss 6.1epss 0.01

    Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.