Lucene search
K

25 matches found

NVD
NVD
added 2026/04/02 7:21 p.m.13 views

CVE-2026-34581

goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2...

8.1CVSS0.00392EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 12:16 a.m.6 views

CVE-2026-32761

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges perm.download = false but granted share...

6.5CVSS0.00424EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/05/21 9:15 p.m.5 views

CVE-2025-47942 Learners on edX Platform can download python_lib.zip

The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...

5.3CVSS5.3AI score0.00373EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.6 views

CVE-2024-8031

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php...

6.5CVSS6.2AI score0.00423EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.26 views

CVE-2024-8031

The CVE-2024-8031 vulnerability affects the Secure Downloads WordPress plugin (versions before 1.2.3). Root cause: the plugin does not properly restrict which files can be downloaded, enabling authenticated attackers with admin-level access to download arbitrary files (e.g., wp-config.php). Impac...

6.5CVSS6.2AI score0.00423EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/31 4:15 p.m.4 views

CVE-2023-41717

Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions...

5.5CVSS5.8AI score0.00364EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/04/04 2:15 a.m.3 views

SUSE CVE-2023-28645

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

6.5CVSS6.8AI score0.00745EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/04/04 2:15 a.m.3 views

SUSE CVE-2023-28844

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to...

6.5CVSS6.8AI score0.0062EPSS
Exploits0References3
Prion
Prion
added 2023/03/31 11:15 p.m.20 views

Design/Logic Flaw

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

4CVSS6.3AI score0.00745EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/03/31 10:8 p.m.39 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

5.7CVSS6.6AI score0.00745EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/10 12:0 a.m.6 views

CVE-2023-0131

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00595EPSS
Exploits0References4
CVE
CVE
added 2022/11/29 12:0 a.m.189 views

CVE-2022-4186

CVE-2022-4186 affects Google Chrome/Chromium, describing insufficient validation of untrusted input in Downloads. Prior to 108.0.5359.71, an attacker who convinces a user to install a malicious extension could bypass Download restrictions via a crafted HTML page. The CVE is labeled Medium severit...

4.3CVSS5AI score0.00437EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/10/10 8:23 p.m.21 views

Privilege Escalation

chromium is vulnerable to privilege escalation. The vulnerability exists due to an Insufficient validation of untrusted input in Intents allowing a remote attacker to bypass download restrictions via a malicious file...

4.3CVSS6.4AI score0.00599EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.5 views

PT-2022-6879 · Zscaler · Zscaler Proxy

Name of the Vulnerable Software and Affected Versions: Zscaler Proxy versions 3.6.1.25 and prior Description: The issue is related to inappropriate file type control, which can be exploited by local attackers to bypass file download and upload restrictions. This can potentially allow an attacker ...

5.5CVSS5.3AI score0.00364EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2022/08/08 2:15 p.m.2 views

CVE-2022-2367

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

7.5CVSS5.9AI score0.00953EPSS
Exploits1References2
Prion
Prion
added 2022/02/07 4:15 p.m.17 views

Code injection

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin...

4CVSS5.2AI score0.01156EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2021/11/23 6:18 p.m.26 views

GHSA-MCXR-FX5F-96QQ Server-Side Request Forgery in Concrete CMS

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5.3CVSS5.4AI score0.00831EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/11/10 12:0 a.m.4 views

The vulnerability in the web interface of Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense software allows a perpetrator to trigger a system reboot.

The vulnerability of the web-based interfaces of Cisco Adaptive Security Appliances and Cisco Firepower Threat Defense lies in the absence of restrictions on file downloads. Exploiting this vulnerability could allow a malicious actor to trigger a system reboot by downloading files into specific...

8.6CVSS7.6AI score0.01895EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2019/10/16 6:22 p.m.23 views

CVE-2019-13681

Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page...

4.3CVSS3.5AI score0.00634EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/09/10 9:31 p.m.52 views

Important: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

9.6CVSS6.8AI score0.05264EPSS
Exploits3References24
Rows per page
Query Builder