CVE-2016-20081 WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...

CVE-2016-20081

HB Audio Gallery Lite 1.0.0 (WordPress) has a path traversal in audio-download.php via the file_path parameter that allows unauthenticated access to arbitrary files outside the gallery directory (e.g., wp-config.php). Root cause: inadequate validation of the file_path input. The connected documen...

EUVD-2016-10888

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

CVE-2016-20076

WordPress Simple-Backup 2.7.11 is affected by multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files via the delete_backup_file and download_backup_file parameters in tools.php. The issue arises from insufficient input validation and d...

CVE-2016-20076 WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

CVE-2016-20076 WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

CVE-2026-34026 Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...

CVE-2026-34024 Missing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

CVE-2026-34024

The CVE-2026-34024 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The underling issue is missing authorization checks on multiple web endpoints, allowing an authenticated attacker with low privileges to access endpoints not visible in the frontend but directly ...

EUVD-2026-36707

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

PT-2026-49219

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acce...

PT-2026-49197

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...

PT-2026-49383

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

PT-2026-49500

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

GHSA-CHM7-4VCH-H8VR TYPO3 CMS has Broken Access Control in its Media Module

Problem Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files...

WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...

CVE-2026-53781

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

CVE-2026-53781

The CVE affects the Summarize utility prior to version 0.17.0. Vulnerable path is the temp-file-based media download, where an unbounded response can be streamed via the download/response path, causing disk and resource exhaustion. Root cause: responses bypass the enforced size limit due to missi...

EUVD-2026-35875

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

CVE-2017-20250

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...