14 matches found
CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...
TYPO3 CMS 路径遍历漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Versions 11.0.0 to 11.5.50, 12.0.0 to 12.4.45, 13.0.0 to 13.4.30, and 14.0.0 to 14.3.2 of TYPO3 CMS contain a path traversal vulnerability. This vulnerability arises from backend users with file download...
PT-2026-47749
Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file download permissions can download files...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...
CVE-2025-62614 BookLore Media API Authentication Bypass
BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...
CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...
CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...
Mail app does not respect download permissions in shares
None...
PT-2024-9167 · Nextcloud +1 · Nextcloud Mail +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 2.2.10 Nextcloud Mail versions prior to 3.6.2 Nextcloud Mail versions prior to 3.7.2 Description: The issue is related to insufficient access control in the Nextcloud mail client, allowing a remote attacker to...
PYSEC-2023-286
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...
SUSE CVE-2023-39961
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and...
CVE-2023-39961 Text does not respect "Allow download" permissions
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and...
Nextcloud: Nextcloud mail does not respect download permissions in shares
The Nextcloud mail application was found to not respect download permissions in shared files. This vulnerability could have allowed unauthorized access to shared files...
Nextcloud: Download permissions can be changed by resharer
Download permissions in Nextcloud 25 could be changed by a resharer, rendering the secure view feature for internal shares useless. This allowed users to download files without the watermark and other security measures...