WordPress Contact Form vCard Generator plugin <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Contact Form vCard Generator versions = 2.4...

CVE-2023-53930

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.p...

CVE-2023-53930 ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.p...

CVE-2025-10766

A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to t...

AnonX - An Encrypted File Transfer Via AES-256-CBC

An Encrypted File transfer via AES-256-CBC AnonX is an encrypted file uploader and downloader. The uploaded archive lasts for one week and shall remove from the server. AnonX encrypts the directory before uploading it to the server. The download function requires the download id and AES password ...