9001 Copyparty
11 CVEs affecting 9001 Copyparty. Latest disclosed: 2026-03-11. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-54796 | High | 7.5 | 2025-08-01 | Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is… |
CVE-2023-37474 | High | 7.5 | 2023-07-14 | Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal… |
CVE-2025-54589 | Medium | 6.3 | 2025-07-31 | Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an inpu… |
CVE-2023-38501 | Medium | 6.3 | 2023-07-25 | copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=… |
CVE-2026-27948 | Medium | 5.4 | 2026-02-26 | Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter `?setck=...`. Version 1.20… |
CVE-2025-54423 | Medium | 5.4 | 2025-07-28 | copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code… |
CVE-2026-30974 | Medium | 4.6 | 2026-03-10 | Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did… |
CVE-2026-32109 | Low | 3.7 | 2026-03-11 | Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a maliciou… |
CVE-2025-27145 | Low | 3.6 | 2025-02-25 | copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. B… |
CVE-2026-32108 | | 2026-03-11 | Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability o… | |
CVE-2025-58753 | | 2025-09-09 | Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a… |