126 matches found
EUVD-2026-33605
A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...
Markdown Downloader MCP Server 路径遍历漏洞
Markdown Downloader MCP Server is a web-to-Markdown downloader from the individual developer Darren Bennett. A path traversal vulnerability exists in Markdown Downloader MCP Server, which originates from the operation of the function downloadmarkdown/listdownloadedfiles/createsubdirectory in the...
CVE-2026-7605
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation for untrusted inputs during the download function, which could allow remote...
EUVD-2026-19362
The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...
CVE-2026-33717
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing...
Zyxel EX3301-T0 操作系统命令注入漏洞
The Zyxel EX3301-T0 is a security routing gateway produced by the Chinese company Zyxel. Versions of the Zyxel EX3301-T0 prior to 5.50ABVY.7C0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the log file download function, where command...
CVE-2026-2672
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal. The attack is possible to be...
CVE-2026-2672
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal. The attack is possible to be...
CVE-2026-2672 Tsinghua Unigroup Electronic Archives System downLoad download path traversal
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal. The attack is possible to be...
CVE-2026-2672
CVE-2026-2672 affects Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The vulnerability lies in the Download function for the file /Search/Subject/downLoad, where manipulating the path argument triggers a path traversal. Exploitation is possible remotely; PoC/public exploit exists...
CVE-2026-2672 Tsinghua Unigroup Electronic Archives System downLoad download path traversal
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal. The attack is possible to be...
PT-2026-20522
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal. The attack is possible to be...
CVE-2026-2558
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/nethandler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used...
EUVD-2026-6085
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/nethandler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2026-2558
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/nethandler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2026-2558
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/nethandler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2026-2558
Technical details beyond what’s in the Initial Description are not publicly provided in the connected documents. Monitor for updates as additional details may be released.
CVE-2026-2558 GeekAI net_handler.go Download server-side request forgery
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/nethandler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2026-2558 GeekAI net_handler.go Download server-side request forgery
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/nethandler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used...