CVE-2026-49984

CVE-2026-49984 – Kestra : A path traversal vulnerability in the LocalStorage backend allows any authenticated user who can view an execution to read arbitrary files on the server. Before patching, the LocalStorage path validator mishandles Windows-style backslashes, letting an attacker smuggle tr...

Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

Sante PACS Server.exe - Path Traversal Information Disclosure

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. id: CVE-2025-2264 info: name: Sante PACS Server.exe - Path Traversal...

Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...

GDidees CMS v3.9.1 - Arbitrary File Download

GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /admin/imgdownload.php. id: CVE-2023-27179 info: name: GDidees CMS v3.9.1 - Arbitrary File Download author: theamanrawat severity: high description: | GDidees CMS v3.9.1 a...

WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF

WordPress Automatic plugin 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This...

WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download

Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers access arbitrary files on the server, exploit requires no specific privileges or user interaction. id: CVE-2025-47445 info: name: WordPress Eventin Themewinter ≤ 4.0.26 - Arbitrary File Download...

Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download

Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...

CVE-2026-48944

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

CVE-2026-8379

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

EUVD-2026-38420

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

CVE-2026-8379

The CVE-2026-8379 entry concerns the Frontend File Manager Plugin for WordPress (≤ 23.6). The vulnerability is a failure to properly enforce nonce verification on the file download handler, enabling unauthenticated attackers to download files uploaded by any user by iterating identifiers. The iss...

CVE-2026-8379

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

CVE-2026-8379 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

EUVD-2026-37593

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

EUVD-2026-37656

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

EUVD-2025-210217

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...

CVE-2026-55748

OpenStack Horizon prior to 25.7.4 can generate scripts for downloading OpenStack RC files where a crafted project name containing shell metacharacters is possible. The description notes this as a security hardening opportunity rather than a vulnerability, and the CVSS 3.1 metrics indicate a MEDIU...