Lucene search
+L

6484 matches found

NVD
NVD
added 5 hours ago3 views

CVE-2026-63099

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added 5 hours ago10 views

CVE-2026-63099 TheHive 4.1.24 Broken Object Level Authorization via Attachment Download Endpoints

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 5 hours ago4 views

CVE-2026-63099 TheHive 4.1.24 Broken Object Level Authorization via Attachment Download Endpoints

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS5.5AI score
Exploits0References2
CVE
CVE
added 5 hours ago9 views

CVE-2026-63099

CVE-2026-63099 affects TheHive up to version 4.1.24 and describes a broken object‑level authorization in the attachment download endpoints. The vulnerability lets any authenticated user access attachments belonging to other organizations by supplying a content-hash identifier. The root cause is a...

7.1CVSS5.6AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-45197

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS5.6AI score
Exploits0References2
Nuclei
Nuclei
added 16 hours ago54 views

EspoCRM <= 9.3.3 - Server-Side Request Forgery

EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...

4.3CVSS5.2AI score0.01978EPSS
Exploits5References2
Nuclei
Nuclei
added 16 hours ago14 views

Group-Office < 26.0.5 - Remote Code Execution

Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...

9.4CVSS6.8AI score0.18536EPSS
Exploits2References4
Nuclei
Nuclei
added 16 hours ago75 views

WP Attachment Export < 0.2.4 - Unrestricted File Download

The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress powered site. This includes details of even privately published posts and password protected posts with their passwords revealed ...

7.5CVSS7.4AI score0.08185EPSS
Exploits1References5
NVD
NVD
added 19 hours ago5 views

CVE-2026-2594

The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.7. This is due to insufficient input sanitization and output escaping of uploaded image attachment titles. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References3
Cvelist
Cvelist
added 19 hours ago13 views

CVE-2026-2594 Smart Custom Fields <= 5.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title

The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.7. This is due to insufficient input sanitization and output escaping of uploaded image attachment titles. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References3
CVE
CVE
added 19 hours ago13 views

CVE-2026-2594

The CVE-2026-2594 entry concerns the WordPress plugin Smart Custom Fields. A stored cross-site scripting (XSS) flaw affects versions up to and including 5.0.7, caused by insufficient input sanitization and output escaping for uploaded image attachment titles. This enables authenticated attackers ...

6.4CVSS6.2AI score
Exploits0References3
Nuclei
Nuclei
added yesterday22 views

Zimbra Collaboration Suite - Cross-site Scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...

6.1CVSS6.9AI score0.23717EPSS
Exploits2References2
NVD
NVD
added yesterday7 views

CVE-2026-12684

The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files bounded to an image a...

6.5CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2 days ago9 views

CVE-2026-52890

Wekan is open source kanban built with Meteor. Prior to 9.31, Wekan allows a logged-in board member to insert an attachment document through the /attachments/insert DDP method with attacker-controlled versions.original.path and versions.original.storage fields. The server/permissions/attachments....

7.1CVSS0.00325EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-60316

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.31 Description A logged-in board member can perform arbitrary file reads and cause a denial of service by inserting an attachment document through the '/attachments/insert' DDP method. The issue occurs because the...

7.1CVSS6.2AI score0.00325EPSS
Exploits0References5
NVD
NVD
added 3 days ago4 views

CVE-2026-47429

Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /vitestattachment, allowing \?\..\ path traversal to read files outside the project; exposed API write and rerun features such as saveTestFile...

9.8CVSS0.01024EPSS
Exploits0References7
NVD
NVD
added 3 days ago4 views

CVE-2026-54432

Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting XSS. The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page...

4.7CVSS0.00206EPSS
Exploits0References1
CVE
CVE
added 3 days ago37 views

CVE-2026-54432

Roundcube Webmail affected: versions before 1.6.17 and 1.7.x before 1.7.2 are vulnerable to a Stored XSS flaw. Root cause: the attachment MIME type is not properly escaped on the attachment-validation warning page, enabling script execution within a victim’s session when an email is viewed. Affec...

4.7CVSS6.1AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-54432

Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting XSS. The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page...

4.7CVSS0.00206EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-11944

CVE-2026-11944 affects openSIS Classic 9.3. The vulnerability is an authenticated path traversal in the legacy messaging SentMail attachment download functionality, allowing an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. Impact is limited to ...

6.5CVSS6.2AI score0.00377EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder