Vulnerabilities > Alist Project

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2023-33498 Unrestricted Upload of File with Dangerous Type vulnerability in Alist Project Alist
alist <=3.16.3 is vulnerable to Incorrect Access Control.
network
low complexity
alist-project CWE-434
8.8
2023-05-23 CVE-2023-31726 Unspecified vulnerability in Alist Project Alist 3.15.1
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
network
low complexity
alist-project
7.5
2022-12-15 CVE-2022-45969 Path Traversal vulnerability in Alist Project Alist 3.4.0
Alist v3.4.0 is vulnerable to Directory Traversal,
network
low complexity
alist-project CWE-22
critical
9.8
2022-12-12 CVE-2022-45968 Unrestricted Upload of File with Dangerous Type vulnerability in Alist Project Alist 3.4.0
Alist v3.4.0 is vulnerable to File Upload.
network
low complexity
alist-project CWE-434
8.8
2022-12-12 CVE-2022-45970 Cross-site Scripting vulnerability in Alist Project Alist 3.5.1
Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.
network
low complexity
alist-project CWE-79
5.4
2022-03-12 CVE-2022-26533 Cross-site Scripting vulnerability in Alist Project Alist
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.
4.3