Lucene search
K

6490 matches found

Nuclei
Nuclei
added 13 hours ago72 views

Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...

7.5CVSS7.1AI score0.11733EPSS
Exploits3References4
Nuclei
Nuclei
added 13 hours ago51 views

Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

7.5CVSS7.1AI score0.04325EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago596 views

WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF

WordPress Automatic plugin 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This...

9.9CVSS7AI score0.93971EPSS
Exploits18References3
Nuclei
Nuclei
added 13 hours ago23 views

Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download

Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...

8.7CVSS7.1AI score0.01461EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago43 views

Sante PACS Server.exe - Path Traversal Information Disclosure

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. id: CVE-2025-2264 info: name: Sante PACS Server.exe - Path Traversal...

7.5CVSS7.2AI score0.38656EPSS
Exploits2References1
Nuclei
Nuclei
added 13 hours ago60 views

WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download

Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers access arbitrary files on the server, exploit requires no specific privileges or user interaction. id: CVE-2025-47445 info: name: WordPress Eventin Themewinter ≤ 4.0.26 - Arbitrary File Download...

9.8CVSS7.1AI score0.0465EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago31 views

GDidees CMS v3.9.1 - Arbitrary File Download

GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /admin/imgdownload.php. id: CVE-2023-27179 info: name: GDidees CMS v3.9.1 - Arbitrary File Download author: theamanrawat severity: high description: | GDidees CMS v3.9.1 a...

7.5CVSS7AI score0.60793EPSS
Exploits4References5
CVE
CVE
added yesterday10 views

CVE-2026-57815

CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...

7.5CVSS6.1AI score0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-57815 WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS0.00503EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-41878 Insecure Direct Object Reference in R-SOFT DMS

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS0.0047EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-41878

Vulnerability (CVE-2026-41878) in R-SOFT DMS: Insecure Direct Object Reference (IDOR) affecting multiple file download endpoints. The app fetches files from the database by ID and serves them to any request, relying solely on session authentication, enabling a valid user to access any file. Repor...

7.1CVSS6.1AI score0.0047EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42856

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS6.1AI score0.01228EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago7 views

WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.55.0.2...

7.5CVSS6.1AI score0.00503EPSS
Exploits0Affected Software1
OSV
OSV
added 6 days ago5 views

DEBIAN-CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6AI score0.00241EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-53729

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS5.9AI score0.00391EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-357 internetarchive Vulnerable to Directory Traversal in File.download()

Impact What kind of vulnerability is it? This is a Critical severity directory traversal path traversal vulnerability in the File.download method of the internetarchive library. Who is impacted? All users of the internetarchive library versions 5.5.1 are impacted. The vulnerability is particularl...

9.4CVSS6AI score0.01402EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 8:55 p.m.39 views

CVE-2026-49984 Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...

7.7CVSS0.00386EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 8:55 p.m.21 views

CVE-2026-49984

CVE-2026-49984 – Kestra : A path traversal vulnerability in the LocalStorage backend allows any authenticated user who can view an execution to read arbitrary files on the server. Before patching, the LocalStorage path validator mishandles Windows-style backslashes, letting an attacker smuggle tr...

7.7CVSS6AI score0.00386EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/06/25 4:16 p.m.9 views

CVE-2026-48944

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

6.5CVSS0.00295EPSS
Exploits0References1
Rows per page
Query Builder