Elias Schneider

3 exploits Active since Jan 2025
CVE-2025-22137 CRITICAL WRITEUP
Pingvin Share <1.4.0 - Code Injection
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.
CVSS 9.8
CVE-2026-28512 HIGH WRITEUP
Pocket ID 2.0.0-2.3.9 - Open Redirect
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo (@) to bypass legitimate callback pattern checks. If an attacker can trick a user into opening a malicious authorization link, the authorization code may be redirected to an attacker-controlled host. This vulnerability is fixed in 2.4.0.
CVSS 7.1