6484 matches found
CVE-2026-63099
TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...
CVE-2026-63099 TheHive 4.1.24 Broken Object Level Authorization via Attachment Download Endpoints
TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...
CVE-2026-63099 TheHive 4.1.24 Broken Object Level Authorization via Attachment Download Endpoints
TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...
EUVD-2026-45197
TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...
CVE-2026-63099
CVE-2026-63099 affects TheHive up to version 4.1.24 and describes a broken object‑level authorization in the attachment download endpoints. The vulnerability lets any authenticated user access attachments belonging to other organizations by supplying a content-hash identifier. The root cause is a...
EspoCRM <= 9.3.3 - Server-Side Request Forgery
EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...
Group-Office < 26.0.5 - Remote Code Execution
Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...
WP Attachment Export < 0.2.4 - Unrestricted File Download
The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress powered site. This includes details of even privately published posts and password protected posts with their passwords revealed ...
CVE-2026-2594
The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.7. This is due to insufficient input sanitization and output escaping of uploaded image attachment titles. This makes it possible for authenticated attackers, with...
CVE-2026-2594 Smart Custom Fields <= 5.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title
The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.7. This is due to insufficient input sanitization and output escaping of uploaded image attachment titles. This makes it possible for authenticated attackers, with...
CVE-2026-2594
The CVE-2026-2594 entry concerns the WordPress plugin Smart Custom Fields. A stored cross-site scripting (XSS) flaw affects versions up to and including 5.0.7, caused by insufficient input sanitization and output escaping for uploaded image attachment titles. This enables authenticated attackers ...
Zimbra Collaboration Suite - Cross-site Scripting
Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...
CVE-2026-12684
The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files bounded to an image a...
CVE-2026-52890
Wekan is open source kanban built with Meteor. Prior to 9.31, Wekan allows a logged-in board member to insert an attachment document through the /attachments/insert DDP method with attacker-controlled versions.original.path and versions.original.storage fields. The server/permissions/attachments....
PT-2026-60316
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.31 Description A logged-in board member can perform arbitrary file reads and cause a denial of service by inserting an attachment document through the '/attachments/insert' DDP method. The issue occurs because the...
CVE-2026-47429
Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /vitestattachment, allowing \?\..\ path traversal to read files outside the project; exposed API write and rerun features such as saveTestFile...
CVE-2026-54432
Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting XSS. The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page...
CVE-2026-54432
Roundcube Webmail affected: versions before 1.6.17 and 1.7.x before 1.7.2 are vulnerable to a Stored XSS flaw. Root cause: the attachment MIME type is not properly escaped on the attachment-validation warning page, enabling script execution within a victim’s session when an email is viewed. Affec...
CVE-2026-54432
Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting XSS. The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page...
CVE-2026-11944
CVE-2026-11944 affects openSIS Classic 9.3. The vulnerability is an authenticated path traversal in the legacy messaging SentMail attachment download functionality, allowing an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. Impact is limited to ...