Lucene search
K

3971 matches found

Nuclei
Nuclei
added yesterday47 views

Easy Digital Downloads - Privilege Escalation

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...

9.8CVSS7AI score0.031EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday70 views

WordPress Candidate Application Form <= 1.3 - Local File Inclusion

WordPress Candidate Application Form = 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form = 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...

7.5CVSS7.1AI score0.08833EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday101 views

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edddownloadsearch action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.1AI score0.11172EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday82 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads = 3.2.12 - SQL Injecti...

9.8CVSS6.1AI score0.02588EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday23 views

Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download

Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...

8.7CVSS7.1AI score0.01461EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday81 views

Z-Downloads < 1.11.7 - Cross-Site Scripting

The plugin does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript. id: CVE-2024-8673 info: name: Z-Downloads 1.11.7 - Cross-Site Scripting author: Splint3r7 severity: low description: | The plugin does not properly validate uploaded files...

9.1CVSS6.1AI score0.01631EPSS
Exploits1References1
Nuclei
Nuclei
added 2 days ago85 views

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5CVSS7.1AI score0.53008EPSS
Exploits3References3
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in metemask-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99855c93b46f7b996a005065c319bbb24c9d1f497d05dfd38fc83d1b21facdd metemask-sdk is a typosquat of the legitimate metamask-sdk package. On import, the top-level init.py performs an outbound HTTP fetch to...

6.3AI score
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-57828

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS0.00256EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43167

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS6.1AI score0.00256EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-57828 Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS6.1AI score0.00256EPSS
Exploits1References2
CVE
CVE
added 4 days ago21 views

CVE-2026-57828

The CVE-2026-57828 entry concerns the Joomla extension Phoca Downloads (Phoca.cz) with an authenticated arbitrary file upload vulnerability in the RSFiles component prior to 6.1.3. The issue allows registered users to upload executable files, enabling full remote code execution (RCE). The provide...

9CVSS6.1AI score0.00256EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57828 Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS0.00256EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-57426

Name of the Vulnerable Software and Affected Versions Phoca Downloads affected versions not specified Description An authenticated arbitrary file upload issue exists in the Phoca Downloads extension. This flaw allows registered users to upload executable files, which can lead to remote code...

9CVSS6.6AI score0.00256EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/07/08 12:4 a.m.5 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6AI score0.00241EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/07 8:23 p.m.28 views

CVE-2026-53729 DataEase ExportCenter IDOR allows cross-user export task access

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS0.00391EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 8:23 p.m.9 views

CVE-2026-53729

DataEase (open source data visualization/analysis tool) contains an IDOR in the ExportCenter area. Before version 2.10.24, an authenticated user could manipulate the task ID to download, delete, retry, or generate download links for export tasks belonging to other users; additionally, the /export...

8.7CVSS5.9AI score0.00391EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 8:23 p.m.7 views

CVE-2026-53729 DataEase ExportCenter IDOR allows cross-user export task access

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS5.9AI score0.00391EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 9:16 p.m.11 views

CVE-2026-57571

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS0.00502EPSS
Exploits1References2
CVE
CVE
added 2026/07/06 8:9 p.m.13 views

CVE-2026-57571

CVE-2026-57571 affects Crawl4AI prior to version 0.9.0. The vulnerability arises when saving downloaded files: the destination filename is taken from attacker-controlled input and joined to the downloads directory without confinement. If the filename contains an absolute path or traversal, it esc...

9.6CVSS6.4AI score0.00502EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder