5 matches found
CVE-2026-42277 Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users files
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...
JIZHICMS 代码问题漏洞
JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 1.6.7 of JIZHICMS contains code vulnerabilities; these vulnerabilities stem from a file download vulnerability present in the administrator plugin update endpoint. This vulnerability could allow...
CVE-2025-37144
CVE-2025-37144 describes an authentication-requiring arbitrary file download vulnerability in a low-level interface library of ArubaOS AOS-10 GW and AOS-8 Controller/Mobility Conductor. Exploitation could let an authenticated attacker download arbitrary files through crafted requests. The connect...
Unspecified Vulnerability in FEBS-Shiro
FEBS-Shiro is a set of back-end permissions management system based on the Sping Boot framework . A security vulnerability exists in the 'fileDownload' function of the CommonController class in versions of FEBS-Shiro prior to 2018-11-05. An attacker can exploit the vulnerability by sending a...
CVE-2017-6614
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access...