CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

CVE-2026-34028

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...

6.9CVSS0.00397EPSS

Exploits1References2

EUVD•added 3 days ago•6 views

EUVD-2026-36711

6.9CVSS5.3AI score0.00397EPSS

Exploits1References2

RedhatCVE•added 2026/06/05 7:25 p.m.•6 views

CVE-2026-44776

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS5.2AI score0.0025EPSS

Exploits0References1

NVD•added 2026/05/26 6:16 p.m.•10 views

CVE-2026-44776

5.9CVSS0.0025EPSS

Exploits0References1

Vulnrichment•added 2026/05/26 5:29 p.m.•7 views

CVE-2026-44776 Kavita: IDOR in /api/Download/*

5.9CVSS5.7AI score0.0025EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 5:29 p.m.•4 views

CVE-2026-44776

5.9CVSS5.7AI score0.0025EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/26 5:29 p.m.•12 views

EUVD-2026-31937

5.9CVSS5.7AI score0.0025EPSS

Exploits0References1

Cvelist•added 2026/05/26 5:29 p.m.•32 views

CVE-2026-44776 Kavita: IDOR in /api/Download/*

5.9CVSS0.0025EPSS

Exploits0References1

CVE•added 2026/05/26 5:29 p.m.•17 views

CVE-2026-44776

Kavita (cross‑platform reading server) prior to 0.9.0 did not enforce library‑level authorization for several download and metadata endpoints, allowing a low‑privileged user who knows a chapterId/volumeId/seriesId to access unrelated library content. Affected endpoints include /api/Download/volum...

5.9CVSS5.7AI score0.0025EPSS

Exploits0References1

NVD•added 2026/04/28 7:37 p.m.•0 views

CVE-2026-41914

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies...

8.5CVSS0.00218EPSS

Exploits0References3

EUVD•added 2025/10/06 3:31 p.m.•3 views

EUVD-2025-32532

A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. Affected by this issue is some unknown functionality of the file /stAlarmConfigure/index.do/../../aloneReport/download.do;otherlogout.do. Such manipulation of the argument fileName leads...

6.9CVSS5.9AI score0.00626EPSS

Exploits0References5

CVE•added 2025/10/06 1:2 p.m.•7 views

CVE-2025-11336

CVE-2025-11336 affects the Four-Faith Water Conservancy Informatization Platform (up to 2.2; vendor advisories reference 2.3+). A path traversal flaw exists in the handling of the fileName parameter for the endpoint involving the file path /stAlarmConfigure/index.do/../../aloneReport/download.do;...

6.9CVSS6.1AI score0.00626EPSS

Exploits0References4

Cvelist•added 2023/09/08 7:51 p.m.•37 views

CVE-2023-41318 Unsafe media served inline on download endpoints in matrix-media-repo

matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...

4.1CVSS5.8AI score0.00433EPSS

Exploits0References4