Dumbwareio Dumbassets vulnerabilities
2 known vulnerabilities affecting dumbwareio/dumbassets.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-45230P2CRITICALCVSS 9.1≤ 1.0.112026-05-18
CVE-2026-45230 [CRITICAL] CWE-22 CVE-2026-45230: DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpo
DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit the optional and disabled-by-default authentication con
nvd
CVE-2026-45231P4MEDIUMCVSS 6.1≤ 1.0.112026-05-18
CVE-2026-45231 [MEDIUM] CWE-79 CVE-2026-45231: DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields inclu
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or update assets with HTML or JavaScript payloads via the asset
nvd