Chakradhar1228

#10454of 53,635
26.4Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2026-44938
9.9
2026-05-29
Dokploy · Dokploy · CVE-2026-45661
**Name of the Vulnerable Software and Affected Versions** Dokploy versions prior to 0.26.6 **Description** Dokploy is a self-hostable Platform as a Service (PaaS) containing a path traversal issue. This allows authenticated users to write arbitrary files to the filesystem during application deployment. When used with the remote server deployment feature, it enables arbitrary file writes to remote server filesystems, automatic remote code execution via cron jobs, complete server compromise, data exfiltration without user interaction, and persistent backdoor installation. This issue bypasses all container isolation on remote server deployments. **Recommendations** Update to a version newer than 0.26.5.
PT-2026-30248
7.2
2026-04-03
Piwigo · Piwigo · CVE-2026-27885
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including user credentials, email addresses, and all stored content. This issue has been patched in version 16.3.0.
PT-2026-24785
5.0
2026-03-11
Frappe · Frappe · CVE-2026-31878
**Name of the Vulnerable Software and Affected Versions** Frappe versions prior to 14.100.1 Frappe versions prior to 15.100.0 Frappe versions prior to 16.6.0 **Description** Frappe is a full-stack web application framework. A malicious user could send a crafted request to an ''endpoint'' which would lead to the server making an HTTP call to a service of the user's choice. The vulnerability involves manipulating a request sent to an endpoint, causing the server to initiate an HTTP call to a service specified by the attacker. The `endpoint` receives the crafted request. **Recommendations** Update Frappe to version 14.100.1 or later. Update Frappe to version 15.100.0 or later. Update Frappe to version 16.6.0 or later.
PT-2026-2295
4.3
2026-01-12
Lychee · Lychee · CVE-2026-22784
**Name of the Vulnerable Software and Affected Versions** Lychee versions prior to 7.1.0 **Description** Lychee is a free, open-source photo-management tool. A flaw exists in the album password unlock functionality that could allow users to gain unauthorized access to other users' password-protected albums. When a user unlocks a password-protected public album, the system automatically unlocks all other public albums sharing the same password, bypassing authorization controls. **Recommendations** Update to version 7.1.0 or later.