| CVE-2026-42091 |
medium |
6.5 |
6.5 |
24d ago |
goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS |
|
| CVE-2026-40884 |
unknown |
— |
— |
1mo ago |
goshs has an empty-username SFTP password authentication bypass |
|
| CVE-2026-40876 |
unknown |
— |
— |
1mo ago |
SFTP root escape via prefix-based path validation in goshs |
|
| CVE-2026-40189 |
unknown |
— |
— |
2mo ago |
goshs has a file-based ACL authorization bypass in goshs state-changing routes |
|
| CVE-2026-40188 |
unknown |
— |
— |
2mo ago |
goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs |
|
| CVE-2026-35471 |
unknown |
— |
— |
2mo ago |
goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) |
|
| CVE-2026-35393 |
unknown |
— |
— |
2mo ago |
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload |
|
| CVE-2026-35392 |
unknown |
— |
— |
2mo ago |
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload |
|
| CVE-2026-34581 |
unknown |
— |
— |
2mo ago |
goshs has Auth Bypass via Share Token |
|
| CVE-2025-46816 |
unknown |
— |
— |
1y ago |
goshs route not protected, allows command execution in github.com/patrickhener/goshs |
|