Lucene search
K

38 matches found

NVD
NVD
added 2026/07/03 9:16 p.m.5 views

CVE-2026-20706

Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...

9.1CVSS0.00403EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-20706

Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...

5.9AI score0.00403EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5334 Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea

Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:39 p.m.24 views

CVE-2026-54093

CVE-2026-54093 affects File Browser prior to v2.63.6, where archive entry names for zip/tar are built using Windows-style backslashes. On Linux, backslashes are preserved in names, allowing a Windows-style traversal like ....\evil.txt to be written on disk and then emitted verbatim in the archive...

6.8CVSS6AI score0.00189EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 11:42 p.m.10 views

Gitea: Token scope bypass on web archive download endpoint

Summary PR 37698 added checkDownloadTokenScope to /raw/, /media/, and attachment download web endpoints. The /archive/ endpoint repo.Download in routers/web/repo/repo.go:372 was not included in the fix. This endpoint accepts OAuth2 tokens via webAuth.AllowOAuth2 registered at...

9.1CVSS5.3AI score0.00403EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/10 6:17 p.m.28 views

CVE-2026-46612

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...

8.8CVSS0.00344EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.12 views

PT-2026-33120

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

7.7CVSS5.7AI score0.00465EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.25 views

CVE-2026-33574 OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...

6.2CVSS0.00087EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/27 11:9 a.m.7 views

WordPress PeproDev Ultimate Invoice plugin < 2.2.6 - Unauthenticated Invoice Archive Download vulnerability

Unauthenticated Invoice Archive Download vulnerability discovered by Ashkan Moghaddas in WordPress Plugin PeproDev Ultimate Invoice versions 2.2.6...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/06 3:31 p.m.8 views

EUVD-2018-21636

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...

8.7CVSS5.9AI score0.00632EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/30 7:25 p.m.3 views

Zip Slip

Overview psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Zip Slip in the archive download functionality in endpoints.js‎. An attacker can write arbitrary files outside the intended extraction directory by uploading files wi...

6.9CVSS7AI score
Exploits0References3
OSV
OSV
added 2025/12/30 7:25 p.m.5 views

GHSA-XPHH-5V4R-R3RX PsiTransfer has Zip Slip Path Traversal via TAR Archive Download

Summary A Zip Slip vulnerability in PsiTransfer allows an unauthenticated attacker to upload files with path traversal sequences in the filename e.g. ../../../.ssh/authorizedkeys. When a victim downloads the bucket as a .tar.gz archive and extracts it, malicious files are written outside the...

8.1CVSS7.3AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.4 views

CVE-2021-47724

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

7.1CVSS6.7AI score0.00672EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 9:31 p.m.5 views

EUVD-2021-34724

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

7.1CVSS6.2AI score0.00672EPSS
Exploits1References5
OSV
OSV
added 2025/12/09 9:15 p.m.5 views

CVE-2021-47724

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

6.5CVSS5.9AI score0.00672EPSS
Exploits1References4
NVD
NVD
added 2025/12/09 9:15 p.m.5 views

CVE-2021-47724

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

7.1CVSS0.00672EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/09 8:42 p.m.21 views

CVE-2021-47724 STVS ProVision Authenticated File Disclosure via archive.rb

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

7.1CVSS0.00672EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/09 8:42 p.m.2 views

CVE-2021-47724 STVS ProVision Authenticated File Disclosure via archive.rb

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

7.1CVSS6.3AI score0.00672EPSS
Exploits1References4
Rows per page
Query Builder