ByteOS Network

fccview

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-42564

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.2||HIGH

EPSS-0.07% / 20.45%

7 Day CHG~0.00%

Published-11 May, 2026 | 21:17

Updated-13 May, 2026 | 17:31

jotty·page: Unauthenticated Path Traversal leads to sensitive file disclosure and session-token reuse impact

jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/[filename]. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside data/uploads/app-icons/. This vulnerability is fixed in 1.22.0.

Vendor-fccview

Product-jotty

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2026-34072

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.3||HIGH

EPSS-0.10% / 26.79%

7 Day CHG~0.00%

Published-01 Apr, 2026 | 16:51

Updated-03 Apr, 2026 | 16:10

cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution

Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patched in version 2.2.0.

Vendor-fccview

Product-cronmaster

CWE ID-CWE-287

Improper Authentication

CWE ID-CWE-306

Missing Authentication for Critical Function

CWE ID-CWE-693

Protection Mechanism Failure