Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/08 3:51 a.m.37 views

CVE-2026-42277 Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users files

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

6.5CVSS0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.6 views

JIZHICMS 代码问题漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 1.6.7 of JIZHICMS contains code vulnerabilities; these vulnerabilities stem from a file download vulnerability present in the administrator plugin update endpoint. This vulnerability could allow...

8.8CVSS6AI score0.00687EPSS
Exploits1References3
CVE
CVE
added 2025/10/14 5:1 p.m.17 views

CVE-2025-37144

CVE-2025-37144 describes an authentication-requiring arbitrary file download vulnerability in a low-level interface library of ArubaOS AOS-10 GW and AOS-8 Controller/Mobility Conductor. Exploitation could let an authenticated attacker download arbitrary files through crafted requests. The connect...

4.9CVSS6.5AI score0.00409EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/12/27 12:0 a.m.3 views

Unspecified Vulnerability in FEBS-Shiro

FEBS-Shiro is a set of back-end permissions management system based on the Sping Boot framework . A security vulnerability exists in the 'fileDownload' function of the CommonController class in versions of FEBS-Shiro prior to 2018-11-05. An attacker can exploit the vulnerability by sending a...

7.5CVSS6.8AI score0.02435EPSS
Exploits1References1
OSV
OSV
added 2017/04/20 10:59 p.m.3 views

CVE-2017-6614

A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access...

6.5CVSS5.8AI score0.01738EPSS
Exploits0References2
Rows per page
Query Builder