Every CVE whose affected-product data names 9001 Copyparty, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-41471 — CVSS 7.8 (high): Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the…
CVE-2023-37474 — CVSS 7.5 (high): Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr`…
CVE-2025-54796 — CVSS 7.5 (high): Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes…
CVE-2025-58753 — CVSS 7.5 (high): Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr`…
CVE-2026-32108 — CVSS 6.5 (medium): Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option)…
CVE-2023-38501 — CVSS 6.3 (medium): copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter…
CVE-2025-54589 — CVSS 6.3 (medium): Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the…
CVE-2025-54423 — CVSS 5.4 (medium): copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute…
CVE-2026-27948 — CVSS 5.4 (medium): Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter…
CVE-2026-30974 — CVSS 4.6 (medium): Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in…
CVE-2026-32109 — CVSS 3.7 (low): Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they…
CVE-2025-27145 — CVSS 3.6 (low): copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is…