📦 Alist

Alist file list program versions before 3.57.0 disable TLS certificate verification by default for all outgoing storage communications, making all data transfers vulnerable to Man-in-the-Middle attack...

CVE-2022-45969 is a directory traversal vulnerability in Alist v3.4.0 that allows attackers to access files outside the intended directory. This affects all users running the vulnerable version of Ali...

This path traversal vulnerability in Alist allows authenticated attackers to bypass directory-level authorization by injecting traversal sequences into filename components. Attackers can perform unaut...

CVE-2023-33498 is an access control vulnerability in Alist file listing software where low-privilege user accounts can upload any file type regardless of restrictions. This affects all Alist deploymen...

CVE-2022-45968 allows authenticated users with file upload permission to upload arbitrary files to any folder in Alist v3.4.0, including password-protected directories. This affects all deployments ru...

AList file management software contains a reflected cross-site scripting vulnerability where user input is directly reflected in XML responses without proper sanitization. This allows attackers to inj...