Every CVE whose affected-product data names Pydio Cells, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-32749 — CVSS 8.8 (high): Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request…
CVE-2019-12901 — CVSS 8.8 (high): Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete…
CVE-2020-12851 — CVSS 8.1 (high): Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders…
CVE-2020-12847 — CVSS 7.2 (high): Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an…
CVE-2020-12850 — CVSS 7.0 (high): The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF…
CVE-2020-12852 — CVSS 6.8 (medium): The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate…
CVE-2021-41325 — CVSS 6.5 (medium): Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile…
CVE-2019-12902 — CVSS 6.5 (medium): Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a…
CVE-2023-32750 — CVSS 6.5 (medium): Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the…
CVE-2021-41323 — CVSS 6.5 (medium): Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells…
CVE-2021-41324 — CVSS 6.5 (medium): Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal…
CVE-2020-12853 — CVSS 6.1 (medium): Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and…
CVE-2023-32751 — CVSS 5.4 (medium): Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the…
CVE-2020-12848 — CVSS 5.4 (medium): In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is…
CVE-2020-12849 — CVSS 5.4 (medium): Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile…
CVE-2019-12903 — CVSS 4.3 (medium): Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database…