Lucene search
K

2686 matches found

Vulnrichment
Vulnrichment
added 2026/06/01 3:13 p.m.12 views

CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/05/30 4:17 p.m.26 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS0.00638EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.14 views

CVE-2018-25421 Open STA Manager 2.3 Arbitrary File Download via Path Traversal

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

7.1CVSS5.9AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/30 2:55 p.m.25 views

CVE-2018-25421

Open STA Manager 2.3 is affected by a path traversal vulnerability that lets authenticated users download arbitrary files by calling modules/backup/actions.php?op=getfile and traversing with ../ sequences to access sensitive system files. Affected component is the Open STA Manager implementation;...

7.1CVSS5.9AI score0.00334EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.10 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/30 2:55 p.m.37 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS0.00638EPSS
Exploits0References4
CVE
CVE
added 2026/05/30 2:55 p.m.26 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.10 views

Open STA Manager 路径遍历漏洞

Open STA Manager is an enterprise service management system developed by the Italian company Open STA Manager. Version 2.3 of Open STA Manager contains a path traversal vulnerability. This vulnerability arises from operations using the file parameter, which may allow authenticated users to downlo...

7.1CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.9 views

Open ISES Project 路径遍历漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a path traversal vulnerability. This vulnerability stems from improper handling of the filename...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.16 views

PT-2026-45108

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.15 views

CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.13 views

EUVD-2018-21915

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Naviwebs Navigate CMS 路径遍历漏洞

Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.5 of Naviwebs Navigate CMS, there is a path traversal vulnerability. This vulnerability stems from the injection of directory traversal sequences in the id parameter, which may allow...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/17 9:4 a.m.8 views

WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by thevietronin in WordPress Plugin Classified Listing versions = 5.3.8...

6.5CVSS5.8AI score0.00295EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:19 p.m.48 views

CVE-2026-44874 Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system...

4.9CVSS0.00305EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:19 p.m.23 views

CVE-2026-44874

The CVE 2026-44874 affects the web-based management interface of an AOS-10 Gateway. It enables an authenticated remote attacker to access sensitive files on the underlying operating system, leading to disclosure of confidential information and potentially enabling further attacks on the affected ...

4.9CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 7:19 p.m.13 views

CVE-2026-44874 Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system...

4.9CVSS5.8AI score0.00305EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.2 views

Cisco Unity Connection Arbitrary File Download (cisco-sa-unity-file-download-RmKEVWPx)

According to its self-reported version, Cisco Unity Connection is affected by multiple arbitrary file download vulnerabilities: - Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these...

6.5CVSS5.9AI score0.00388EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/16 11:39 a.m.4 views

WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Client Portal Pro versions = 5.6.2...

5.8AI score0.00412EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/15 6:31 p.m.6 views

EUVD-2026-22956

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

6.5CVSS6AI score0.00388EPSS
Exploits0References2
Rows per page
Query Builder