43 matches found
Defense in Depth update for NuGet Client
Impact: This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches (NuGet): The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...
PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
The /download endpoint validates only the initial URL provided by the user using validateDownloadURL to prevent requests to internal or private network addresses. Exploitation requires security.allowDownload=true, which is disabled by default. However, pages loaded by the embedded Chromium brows...
GHSA-QWXP-6QF9-WR4M PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
The /download endpoint validates only the initial URL provided by the user using validateDownloadURL to prevent requests to internal or private network addresses. Exploitation requires security.allowDownload=true, which is disabled by default. However, pages loaded by the embedded Chromium brows...
CVE-2025-11521
CVE-2025-11521: Astra Security Suite – Firewall & Malware Scan WordPress plugin (versions up to 0.2) is vulnerable to unauthenticated arbitrary file upload due to insufficient validation of remote URLs for zip downloads and an easily guessable key. The vulnerability can allow uploading arbitrary ...
CVE-2025-12908
Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2006-1451
Malware in sbrugna...
EUVD-2006-3499
Malware in sbrugna...
EUVD-2008-1043
Malware in sbrugna...
EUVD-2020-28762
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-6033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox vi...
CVE-2023-33176
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions have a Server-Side Request Forgery (SSRF) vulnerability. In an insertDocument API request the user is able to supply a URL from which the presentation should be...
SICK DL100-2xxxxxxx security vulnerability
The SICK DL100-2xxxxxxxxx is a series of sensors from SICK, Germany. A security vulnerability exists in the SICK DL100-2xxxxxxxx that stems from a lack of download validation checks and could lead to code execution on the target system...
DEBIAN-CVE-2024-3843
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
USN-6010-3: Firefox regressions
USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...
SUSE CVE-2019-13678
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
CVE-2022-4186
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. Chromium security severity: Medium...
Google Chrome input validation error vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from inadequate validation of untrusted input in downloads. An attacker could exploit this vulnerability to bypass security restrictions...
CVE-2022-3762
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...
CVE-2021-43930
CVE-2021-43930 affects Elcomplus SmartPTT/SmartPTT SCADA Server backup and restore functionality. The root cause is improper validation of download requests in the backup/restore path traversal flow, enabling an attacker to access files outside the intended directory. Exploitation could allow dow...
Databasir code issue vulnerability
Databasir is a team-oriented relational database model document management platform. A security vulnerability exists in Databasir 1.01. The vulnerability stems from the fact that during the JDBC driver download validation process, the corresponding JDBC driver download address is downloaded first...