Lucene search
K

22 matches found

Cvelist
Cvelist
added 2026/05/21 9:7 p.m.31 views

CVE-2026-7879 Concrete CMS 9.5.0 and below is vulnerable to File Download Authorization Bypass in submit_password()

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

6.3CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:7 p.m.18 views

CVE-2026-7879

Concrete CMS 9.5.0 and earlier is affected by a vulnerability in submit_password() within concrete/controllers/single_page/download_file.php that permits unauthorized access to files. The issue arises because downloading permission-restricted files bypasses the view_file permission check; files w...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/08 5:16 a.m.14 views

CVE-2026-42277

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

6.5CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:4 p.m.2 views

CVE-2026-34581

goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2...

8.1CVSS5.8AI score0.00392EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/31 8:16 p.m.4 views

CVE-2026-34784

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFindParse.File trigger and its validators on storage adapters that support streaming e.g. the...

8.2CVSS0.00378EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

M-Files Server 安全漏洞

M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 25.12 that stems from improper access checking and could lead to file download bypass...

5.3CVSS6.5AI score0.00277EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-0146

Malware in sbrugna...

2.6CVSS6.2AI score0.01044EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12221

Malicious code in bioql PyPI...

6.5CVSS8AI score0.00595EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-57444

Malicious code in bioql PyPI...

6.5CVSS7.3AI score0.01048EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:55 p.m.10 views

CVE-2022-2367

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

7.5CVSS6.8AI score0.00953EPSS
Exploits1References1
OSV
OSV
added 2023/01/10 8:15 p.m.4 views

UBUNTU-CVE-2023-0131

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS7.3AI score0.00595EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.7 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...

6.5CVSS8.7AI score0.00595EPSS
Exploits0References8
CVE
CVE
added 2023/01/10 12:0 a.m.310 views

CVE-2023-0131

The CVE-2023-0131 entry concerns Google Chrome before version 109.0.5414.74, where an inappropriate implementation in the iframe Sandbox could allow a remote attacker to bypass file download restrictions via a crafted HTML page. The vulnerability affects Chrome/Chromium sandbox behavior and is ra...

6.5CVSS5.7AI score0.00595EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/28 12:0 a.m.8 views

The vulnerability of the WKUserScript script in Mozilla Firefox’s browser loading mechanism for iOS allows a malicious user to load any file they desire.

The vulnerability of the WKUserScript script in Mozilla Firefox’s browser download function for iOS is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to download any file they desire...

7.8CVSS6.6AI score0.00674EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/11/17 8:24 p.m.58 views

CVE-2020-26549

CVE-2020-26549 affects Aviatrix Controller prior to R5.4.1290. The vulnerability arises from an htaccess protection mechanism that prevents requests to directories, which can be bypassed to download files beyond a user’s rights. Documented impact in CNVD/NVD entries: an attacker could download re...

7.5CVSS7.5AI score0.01488EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2019/10/29 9:30 a.m.7 views

chromium-browser: Multiple file download protection bypass

Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page...

6.5CVSS7.4AI score0.00706EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/06/16 12:0 a.m.22 views

Google Chrome < 50.0.2661.75 Multiple Vulnerabilities

Binary data 9369.pasl...

8.1CVSS7.3AI score0.01278EPSS
Exploits0References2
NVD
NVD
added 2005/01/24 5:0 a.m.27 views

CVE-2005-0145

Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature...

2.6CVSS6.4AI score0.01044EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2005/01/24 5:0 a.m.256 views

CVE-2005-0145

Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature...

2.6CVSS5.9AI score0.01044EPSS
Exploits0References2
NVD
NVD
added 2004/11/16 5:0 a.m.20 views

CVE-2004-1331

The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command...

2.6CVSS6.6AI score0.19468EPSS
Exploits1References7
Rows per page
Query Builder