Lucene search
+L

112 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-7333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile'...

6.1CVSS6.9AI score0.00873EPSS
Exploits1References2
OSV
OSV
added 2025/08/05 9:15 p.m.5 views

CVE-2025-52237

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal...

6.5CVSS5.8AI score0.00472EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/08/05 12:0 a.m.3 views

CVE-2025-52237

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal...

6.5CVSS6AI score0.00472EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/04 11:18 a.m.7 views

CVE-2025-49303 WordPress Frontend Admin by DynamiApps plugin <= 3.28.7 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Path Traversal.This issue affects Frontend Admin by DynamiApps: from n/a through = 3.28.7...

6.8CVSS5.9AI score0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/25 12:0 a.m.5 views

H3C SecCenter SMP-E1114P02 路径遍历漏洞

H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter Name in the file...

7.5CVSS4.8AI score0.00651EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.5 views

PT-2025-5875 · Unknown · Goldpankit Eva-Server

Name of the Vulnerable Software and Affected Versions: GoldPanKit eva-server version 4.1.0 Description: A vulnerability has been identified that affects the path parameter of the "/api/resource/local/download" endpoint. Manipulation of this path parameter can lead to arbitrary file download...

8.1CVSS7AI score0.00468EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.5 views

GetSimple CMS 安全漏洞

GetSimple CMS is a content management system from GetSimple CMS open source. A security vulnerability exists in GetSimple CMS version 3.3.19, which originates from the download address of a plugin in the backend management system, and can enable server-side request forgery attacks...

7.2CVSS6.7AI score0.00404EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/12/06 3:49 a.m.4 views

SUSE CVE-2024-54132

The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...

7.5CVSS6.4AI score0.00633EPSS
Exploits0References4
OSV
OSV
added 2024/12/04 4:15 p.m.2 views

DEBIAN-CVE-2024-54132

The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...

6.3CVSS5.3AI score0.00633EPSS
Exploits0References1
OSV
OSV
added 2024/12/04 4:15 p.m.7 views

UBUNTU-CVE-2024-54132

The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...

6.3CVSS5.8AI score0.00633EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/10/30 9:15 p.m.2 views

CVE-2024-48735

Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...

7.7CVSS6AI score0.00954EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.5 views

SAS Studio 安全漏洞

SAS Studio is a Web browser-based programming environment from SAS. A security vulnerability exists in SAS Studio version 9.4. A remote attacker could exploit the vulnerability to access internal files by manipulating the default path during file download...

7.7CVSS6.7AI score0.00954EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.9 views

PT-2024-33195 · Sas · Sas Studio

Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4 Description: The issue allows a remote attacker to access internal files by manipulating the default path during file download through the /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath endpoint, using...

7.7CVSS6.7AI score0.00954EPSS
Exploits0References5
Snyk
Snyk
added 2024/10/28 12:23 p.m.6 views

Command Injection

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Command Injection via the flashgot API and the download process. An attacker can execute arbitrary code by manipulating the download path to target the...

9.2CVSS8AI score0.00679EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/08 1:0 p.m.16 views

CVE-2024-2318 ZKTeco ZKBio Media Service Port 9999 download path traversal

A vulnerability was found in ZKTeco ZKBio Media 2.0.0x642024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbiomedia.sql...

5.3CVSS5.4AI score0.00933EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.7 views

Rebuild Information Disclosure Vulnerability

Rebuild is a highly customizable enterprise management system. An information disclosure vulnerability exists in Rebuild 3.5.5 and earlier versions, which stems from a security issue in the QiniuCloud.getStorageFile function in /filex/proxy-download, which leads to information disclosure via the...

7.5CVSS6.1AI score0.01158EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.4 views

PT-2024-16113 · Rebuild · Rebuild

Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.5.5 Description: A problematic vulnerability was found in Rebuild. The getStorageFile function of the file /filex/proxy-download is affected. The manipulation of the url argument leads to cross-site scripting. The...

6.1CVSS4.1AI score0.00578EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.5 views

Rebuild Cross-Site Scripting Vulnerability

Rebuild is a highly customizable enterprise management system. A cross-site scripting vulnerability exists in Rebuild version 3.5.5, which stems from a cross-site scripting vulnerability in the url parameter of the getStorageFile function of file /filex/proxy-download...

6.1CVSS6.2AI score0.00578EPSS
Exploits1References4
Prion
Prion
added 2023/07/31 3:15 p.m.99 views

Cross site scripting

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the...

5.8CVSS5.8AI score0.00533EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/04/17 12:0 a.m.13 views

go-bbs 代码问题漏洞

go-bbs is a switchable template BBS social blogging system based on Beego development. A security vulnerability exists in go-bbs v1, which was discovered via component/api/v1/download and contains an arbitrary file download vulnerability...

8.8CVSS8.2AI score0.00789EPSS
Exploits1References2
Rows per page
Query Builder