Vulnerabilities in xyproto

7 results

CVE-2026-45721CRITICALAlgernon: handler.lua discovery walks parent directories above the server rootEPSS 0.4%CVE-2026-43982HIGHAlgernon: Path traversal file write via savein()EPSS 0.3%CVE-2026-48126HIGHAlgernon: Host header path traversal in --domain mode reads files and runs Lua from parent dirEPSS 0.3%CVE-2026-45728HIGHAlgernon: Single-file mode unconditionally enables debug modeEPSS 0.3%CVE-2026-46431MEDIUMAlgernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *EPSS 0.2%CVE-2026-46430MEDIUMAlgernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOSEPSS 0.2%CVE-2026-43981HIGHAlgernon: Race Condition in handle() shared LStateEPSS 0.2%