76 matches found
CVE-2026-22334
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
CVE-2025-69131
Affected software: WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (WordPress). Vulnerability: Unauthenticated Arbitrary File Download in versions
PYSEC-2026-129
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...
CVE-2026-5337
CVE-2026-5337 affects the WordPress plugin “Frontend File Manager” (versions up to 23.6). The issue is an insecure direct object reference (IDOR) in the download endpoint that does not properly validate authorizations for requested uploaded files. A Subscriber-level or higher authenticated user c...
WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability
Non-Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Download Monitor versions <= 5.1.9...
EUVD-2026-9146
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...
WordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Open User Map versions <= 1.4.16...
Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
Agent-Zero v0.8.0 - 0.9.4 contains a path traversal caused by improper validation in /api/downloadworkdirfile.py, letting attackers access unauthorized files; exploitation requires a crafted request. id: CVE-2025-55523 info: name: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download author: 0xAkoko...
CVE-2025-68902
CVE-2025-68902 is a path traversal vulnerability in WordPress theme Anona (AivahThemes) affecting versions up to and including 8.0. The issue allows unrestricted path traversal to download arbitrary files. Red Hat and NVD corroborate the exposure. Mitigation: upgrade Anona to a version later than...
Bludit path traversal vulnerability
Bludit is an open source lightweight blog content management system (CMS) from Bludit Open Source. A path traversal vulnerability exists in versions prior to Bludit 3.13.1, which stems from improper manipulation of the Backup Plugin file path parameter, which could lead to arbitrary file downloads...
CVE-2025-64178
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...
CVE-2025-63686
There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 2020-11-23 in the document query function under the Download Center menu in the PersonManage system...
CVE-2025-60242
CVE-2025-60242 affects WordPress Plugin Download Counter (versions
EUVD-2007-6371
Malware in sbrugna...
EUVD-2023-46062
Malicious code in bioql PyPI...
EUVD-2025-25703
Malicious code in bioql PyPI...
CVE-2025-55455
DooTask v1.0.51 was discovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext...
dootask security vulnerability
dootask is an open source online project task management tool from dootask, Inc. A security vulnerability exists in dootask version 1.0.51, which stems from an authenticated arbitrary download issue in the /msg/sendtext component...
CVE-2025-55455
The CVE-2025-55455 entry affects DooTask v1.0.51 and describes an authenticated arbitrary file download vulnerability in the /msg/sendtext component. According to the sources, the issue has a CVSS v3.1 base score of 3.5 (LOW) with network attack vector, low privileges required, user interaction r...