Vulnerabilities in DumbWareio
5 resultsCVE-2025-24971CRITICALOS Command Injection endpoint '/upload/init' parameter 'filename' (RCE) in DumpDropEPSS 3.2%CVE-2026-45230HIGHDumbAssets 1.0.11 Path Traversal File Deletion via /api/delete-fileEPSS 0.6%CVE-2025-24891CRITICALDumb Drop has an arbitrary file overwrite and path traversal for root shellEPSS 0.6%CVE-2025-47929LOWDumbDrop vulnerable to DOM XSS via file uploadEPSS 0.3%CVE-2026-45231MEDIUMDumbAssets 1.0.11 Stored Cross-Site Scripting via Asset FieldsEPSS 0.2%