Lucene search
126 matches found

ATTACKERKB
added 2026/02/16 1:32 p.m., 3 views

CVE-2026-2558

A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/nethandler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVSS 6.5, AI score 5.2, EPSS 0.00054
Exploits: 0, References: 5
Positive Technologies
added 2026/02/16 12:0 a.m., 7 views

PT-2026-8348

A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be use...

CVSS 6.5, AI score 5.2, EPSS 0.00054
Exploits: 0, References: 6
CNNVD
added 2026/02/16 12:0 a.m., 3 views

GeekAI Code Issue Vulnerability

GeekAI is a large language model assistant developed by GeekMaser’s individual developers. Versions of GeekAI 4.2.4 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the url parameter in the Download function within the...

CVSS 6.5, AI score 6.7, EPSS 0.00054
Exploits: 0, References: 5
RedhatCVE
added 2026/01/09 9:10 a.m., 1 views

CVE-2026-21851

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal Zip Slip vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar...

CVSS 5.3, AI score 6.7, EPSS 0.00013
Exploits: 1, References: 1
CVE
added 2026/01/07 10:27 p.m., 7 views

CVE-2026-21851

MONAI has a Path Traversal (Zip Slip) vulnerability in its NGC private bundle download path. In MONAI

CVSS 5.3, AI score 6.4, EPSS 0.00013
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/01/07 10:27 p.m., 2 views

CVE-2026-21851 MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal Zip Slip vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar...

CVSS 5.3, AI score 6.4, EPSS 0.00013
Exploits: 1, References: 2
CNNVD
added 2026/01/07 12:0 a.m., 1 views

MONAI Path Traversal Vulnerability

MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A path traversal vulnerability exists in MONAI 1.5.1 and earlier versions, which stems from the downloadfromngcprivate function using zipfile.ZipFile.extractall without path validation, which could lead to a path traversal attac...

CVSS 5.3, AI score 6.4, EPSS 0.00013
Exploits: 1, References: 2
Positive Technologies
added 2026/01/07 12:0 a.m., 2 views

PT-2026-2101

Name of the Vulnerable Software and Affected Versions: MONAI versions up to and including 1.5.1. Description: MONAI Medical Open Network for AI is an AI toolkit for health care imaging. A Path Traversal Zip Slip issue exists in the download from ngc private function. This function utilizes...

CVSS 5.3, AI score 6.5, EPSS 0.00013
Exploits: 1, References: 7
CVE
added 2025/12/30 12:2 p.m., 4 views

CVE-2025-15247

The CVE-2025-15247 entry concerns the snap7-rs library by gmg137. Affected code is snap7_rs::client::S7Client::download in client.rs, where a heap-based buffer overflow can be triggered remotely. Public exploitation materials exist. The project uses a rolling release, so affected/updated version ...

CVSS 9.8, AI score 7.4, EPSS 0.00036
Exploits: 0, References: 4, Affected Software: 1
CNNVD
added 2025/12/30 12:0 a.m., 1 views

snap7-rs Security Vulnerability

snap7-rs is a library for C++ by the individual developer gmg137. A security vulnerability exists in snap7-rs, which stems from an incorrect operation of the function snap7rs::client::S7Client::download in the file client.rs, which could result in a heap buffer overflow...

CVSS 9.8, AI score 7.8, EPSS 0.00036
Exploits: 0, References: 3
Vulnrichment
added 2025/12/20 3:20 a.m., 2 views

CVE-2025-14633 F70 Lead Document Download <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Media File Download

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...

CVSS 5.3, AI score 5, EPSS 0.00065
Exploits: 0, References: 3
OSV
added 2025/12/04 4:16 p.m., 1 views

CVE-2025-56427

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...

CVSS 7.5, AI score 6.5
Exploits: 0, References: 2
Positive Technologies
added 2025/12/04 12:0 a.m., 2 views

PT-2025-49045

Name of the Vulnerable Software and Affected Versions: ComposioHQ version 0.7.20. Description: A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves...

CVSS 7.5, AI score 6.3, EPSS 0.00419
Exploits: 1, References: 7
CNNVD
added 2025/12/04 12:0 a.m., 2 views

Composio SDK Security Vulnerability

Composio SDK is a developer toolkit from Composio Open Source. A security vulnerability exists in Composio SDK version 0.7.20, which stems from the presence of path traversal in the downloadfileordir function, which could lead to the disclosure of sensitive information...

CVSS 7.5, AI score 6.2, EPSS 0.00419
Exploits: 1, References: 2
Cvelist
added 2025/12/04 12:0 a.m., 18 views

CVE-2025-56427

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...

EPSS 0.00419
Exploits: 1, References: 2
NVD
added 2025/12/02 1:15 p.m., 1 views

CVE-2025-11789

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi' and then uses it as an index in the 'FilesDownload' array with '&FilesDownload[iVar2]'. If the parameter is too large, it will access memory beyond...

CVSS 7.5, EPSS 0.00041
Exploits: 0, References: 1
CNVD
added 2025/10/21 12:0 a.m., 2 views

D-Link DIR-852 HNAP1 File Command Injection Vulnerability

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...

CVSS 7.5, AI score 7.8, EPSS 0.0036
Exploits: 0, References: 1
RedhatCVE
added 2025/10/18 8:46 p.m., 4 views

CVE-2025-11914

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument FilePath results in path traversal. The attack may be initiated remotely. The...

CVSS 7.5, AI score 6.6, EPSS 0.00119
Exploits: 1, References: 1
NVD
added 2025/10/17 8:15 p.m., 1 views

CVE-2025-11913

A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal. The attack can be launched remotely. The exploit h...

CVSS 6.5, EPSS 0.00129
Exploits: 1, References: 4
OSV
added 2025/10/17 8:15 p.m., 0 views

CVE-2025-11913

A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal. The attack can be launched remotely. The exploit h...

CVSS 6.5, AI score 5.5
Exploits: 0, References: 4