PT-2026-45121
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...
Interinfo DreamMaker security vulnerability
Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a security vulnerability, which stems from relative path traversal. This vulnerability could allow privileged local attackers to download arbitrary system files...
EUVD-2026-31429
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...
F5 BIG-IP security vulnerability
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability that stems from allowing authenticated attackers...
CVE-2026-20078
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...
CVE-2019-25610
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...
CVE-2019-25574
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...
Green CMS path traversal vulnerability
Green CMS is a content management system developed by Green CMS Inc. The Green CMS 2.x version has a path traversal vulnerability. This vulnerability stems from the themename parameter allowing for path traversal, which may enable authenticated attackers to download arbitrary files and directorie...
Sz-Admin code issue vulnerability
Sz-Admin is a mid-backend management software developed by INS6+ individual developers. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of parameters in the files/download file and API, particularly the url...
Malicious code in cubaflixdownload (PyPI)
Source: kam193 e301875480dd0a0265eef6c8d1a5b65ef85f1e2051d0e5491dcb4767c5f7b578 During importing, the code automatically starts a Telegram bot designed to download and save files locally upon a specific message in the channel. While this...
Malicious code in platforms (PyPI)
Source: kam193 152f27ebcd7a8c662ffcbfe69086e0a50e71f73993bc7d97ce3bb67896c8a4dc During importing, the code automatically starts a Telegram bot designed to download and save files locally upon a specific message in the channel. While this...
USN-7989-1: The Internet Archive Python Library vulnerability
Pengo Wray discovered that The Internet Archive Python Library incorrectly handled certain file paths when downloading files. An attacker could possibly use this issue to write files to arbitrary locations on the file system...
CVE-2026-1022
Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
PT-2026-3205
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2023-25573
metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...
CVE-2026-22235
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...
PT-2026-2176
Name of the Vulnerable Software and Affected Versions: OPEXUS eCasePortal versions prior to 9.0.45.0. Description: OPEXUS eCasePortal allows an unauthenticated attacker to access and manipulate user-uploaded files. An attacker can navigate to the 'Attachments.aspx' endpoint and, by iterating throu...
GRR 4.0.0.0
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...
Files authorization issue vulnerability
Files is a single-file PHP application by the individual developer Karl Ward. It can be dragged and dropped into any directory, allowing browsing of the files and directories within. An authorization issue vulnerability exists in Files versions prior to 0.16.11 and 0.17.2, which stems from...
CVE-2025-10249
The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level access and above...