cvebase

Dumbwareio Dumbdrop vulnerabilities

3 known vulnerabilities affecting dumbwareio/dumbdrop.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, LOW 1

Vulnerabilities

CVE-2025-24971 | P2 | CRITICAL | CVSS 9.5 | fixed in 4ff8469d | 2025-02-04
CVE-2025-24971 [CRITICAL] CWE-78: DumbDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when the **Apprise Notification** is enabled. This issue
nvd
CVE-2025-24891 | P2 | CRITICAL | CVSS 9.6 | v= sha256:bd110df9fcab4fb9c384c245345b7dd34e52d2cabc3cda9bfbbbc5ffb0606d97 | 2025-01-31
CVE-2025-24891 [CRITICAL] CWE-22: Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject malicious payloads into files run on schedule or upo
nvd
CVE-2025-47929 | P4 | LOW | CVSS 2.1 | fixed in db27b25372eb9071e63583d8faed2111a2b79f1b | 2025-05-15
CVE-2025-47929 [LOW] CWE-79: DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a malicious payload. Commit db27b25372eb9071e63583d8faed2111a2b79f1b fixes the
nvd