9 matches found
EUVD-2023-60223
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...
CVE-2023-53907
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...
CVE-2023-53907 Bludit 3.13.1 Authenticated Arbitrary File Download via Backup Plugin
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...
EUVD-2025-21373
Malicious code in bioql PyPI...
EUVD-2024-48621
Malicious code in bioql PyPI...
CVE-2024-7744
In WSFTP Server versions before 8.8.8 2022.0.8, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has...
CVE-2024-7744 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server
In WSFTP Server versions before 8.8.8 2022.0.8, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has...
CVE-2021-31567 WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability
Authenticated admin+ Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin versions = 4.4.6. The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadablefileurls0 parameter data. It's also...
OpenEMR < 5.0.2 Multiple Vulnerabilities
OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...