Lucene search
K

314 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:6 a.m.7 views

CVE-2023-5079

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure...

7.5CVSS6.7AI score0.00626EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:0 a.m.12 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

4.6CVSS6.9AI score0.00286EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:6 a.m.8 views

CVE-2023-3813

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the...

7.5CVSS7.2AI score0.00987EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.4 views

CVE-2022-45415

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox 107...

7.8CVSS6AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:32 p.m.13 views

CVE-2020-24333

A vulnerability in Arista’s CloudVision Portal CVP prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API...

6.5CVSS6.8AI score0.00835EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 p.m.8 views

CVE-2020-35362

DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter the attacker must provide the correct fileOrgName value...

7.5CVSS6.9AI score0.01617EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:11 p.m.7 views

CVE-2020-12404

For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS 26...

4.3CVSS6.4AI score0.00784EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 a.m.5 views

CVE-2014-10397

The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php...

7.5CVSS7.1AI score0.03208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 a.m.4 views

CVE-2014-10396

The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php...

7.5CVSS7.1AI score0.03208EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.253 views

Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)

Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io/ Software Link: https://github.com/Tomblib0/Teedy Version: 1.11 Tested on: Linux...

8.4CVSS7.4AI score0.02628EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/04/10 5:39 a.m.7 views

CVE-2025-2519

The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'stsenddownloadfile' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS6.8AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 2:15 a.m.4 views

CVE-2025-2519

The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'stsenddownloadfile' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS0.00455EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/19 11:56 a.m.8 views

Security Bulletin: IBM Security QRadar EDR could allow Unauthorized File Retrieval via SMB (CVE-2024-45644)

Summary IBM Security QRadar EDR allows SMB file downloads, restricted to Administrator and Responder accounts. This behavior follows Windows OS defaults, and documentation will be updated to recommend NTLM restrictions and least privilege access controls. Vulnerability Details CVEID:CVE-2024-4564...

4.7CVSS6.5AI score0.00257EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/03/13 5:15 p.m.27 views

CVE-2025-2264

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...

7.5CVSS0.38656EPSS
Exploits2References1
NVD
NVD
added 2025/03/03 4:15 p.m.22 views

CVE-2024-43169

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code...

8.8CVSS0.00177EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.4 views

IBM Engineering Requirements Management DOORS Next 安全漏洞

IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines IBM. The solution helps you capture, track, analyze, and manage systems and advanced IT application development. A security vulnerability exists in IBM Engineering Requirements Managemen...

7.5CVSS6.5AI score0.00442EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/28 9:23 a.m.5 views

CVE-2025-26698

Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product...

2.7CVSS6.8AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2025/02/26 8:42 a.m.47 views

CVE-2025-26698

CVE-2025-26698 affects RevoWorks SCVX and RevoWorks Browser, caused by an incorrect resource transfer between spheres that can lead to malicious files being downloaded to the user system. Affected products include RevoWorks SCVX (4.0.x and 5.0.x series) and RevoWorks Browser (2.x and 3.x series)....

2.7CVSS3.7AI score0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/26 12:26 a.m.8 views

CVE-2024-56897

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...

9.8CVSS7AI score0.0069EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/24 12:0 a.m.8 views

CVE-2024-56897

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...

9.5AI score0.0069EPSS
Exploits1References3
Rows per page
Query Builder