VYPR
Vendor

Dumbwareio

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2025-24971CriFeb 4, 2025
    risk 0.55cvss epss 0.03

    DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute…

  • CVE-2025-24891CriJan 31, 2025
    risk 0.55cvss 9.6epss 0.01

    Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's…

  • CVE-2026-45230CriMay 18, 2026
    risk 0.52cvss 9.1epss 0.01

    DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation.…

  • CVE-2026-45231MedMay 18, 2026
    risk 0.33cvss 6.1epss 0.00

    DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers…

  • CVE-2025-47929LowMay 15, 2025
    risk 0.07cvss epss 0.00

    DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a…