22 matches found

EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2019-18380

Malware in sbrugna...

CVSS 9.8 · AI score 8.7 · EPSS 0.02531
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2007-4407

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.01083
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2008-2302

Malware in sbrugna...

CVSS 9.3 · AI score 6.2 · EPSS 0.03814
Exploits 1 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2016-10021

Malware in sbrugna...

CVSS 4.3 · AI score 4.8 · EPSS 0.01184
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2019-13867

Malware in sbrugna...

CVSS 5.3 · AI score 5.5 · EPSS 0.01301
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2013-0899

Malware in sbrugna...

CVSS 5 · AI score 9.3 · EPSS 0.01556
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2024-40404

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00562
Exploits 0 · References 3

Vulnrichment
added 2025/07/22 10:18 a.m. · 4 views

CVE-2025-7899 Insecure Direct Object Reference in extension "powermail" (powermail)

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...

CVSS 6 · AI score 6.5 · EPSS 0.00275
Exploits 0 · References 1

Tenable Nessus
added 2025/07/02 12:0 a.m. · 4 views

RHEL 8 : thunderbird (RHSA-2025:10165)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:10165 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Unsolicited File Download, Disk Space Exhaustio...

CVSS 9.8 · AI score 6.6 · EPSS 0.03057
Exploits 0 · References 8

OSV
added 2025/05/29 9:33 a.m. · 4 views

SUSE-SU-2025:01660-2 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

CVSS 8.1 · AI score 5.9 · EPSS 0.00363
Exploits 0 · References 6

RedhatCVE
added 2025/05/23 8:4 a.m. · 11 views

CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in...

CVSS 3.5 · AI score 6.8 · EPSS 0.0033
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:50 p.m. · 6 views

CVE-2022-2981

The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup...

CVSS 4.9 · AI score 6.6 · EPSS 0.00859
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 5:11 a.m. · 14 views

CVE-2019-3415

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal, users can download any files...

CVSS 5.7 · AI score 7 · EPSS 0.00881
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:48 a.m. · 7 views

CVE-2019-19372

A downloadFile.php downloadfile path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit...

CVSS 7.5 · AI score 7 · EPSS 0.01454
Exploits 0 · References 1

Vulnrichment
added 2025/04/27 1:34 a.m. · 4 views

CVE-2025-46579 ZTE GoldenDB Database product has a DDE injection vulnerability

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed...

CVSS 8.4 · AI score 8.5 · EPSS 0.00262
Exploits 0 · References 1

RedhatCVE
added 2025/02/07 5:51 p.m. · 3 views

CVE-2024-13529

The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialvsenddownloadfile' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers...

CVSS 6.5 · AI score 6.5 · EPSS 0.00373
Exploits 0 · References 1

Cvelist
added 2025/01/23 2:53 a.m. · 14 views

CVE-2024-42187 HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability

BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks...

CVSS 5.3 · EPSS 0.00153
Exploits 0 · References 1

CVE
added 2025/01/23 1:5 a.m. · 48 views

CVE-2024-42182

The CVE-2024-42182 entry concerns HCL BigFix Patch Download Plug-ins and an SSRF flaw that can cause the application to fetch files from an internally hosted server (localhost). The root cause is a server-side request forgery vulnerability in the plug-ins’ handling of local requests. Reported imp...

CVSS 2.5 · AI score 6.9 · EPSS 0.00116
Exploits 0 · References 1

Positive Technologies
added 2023/12/26 12:0 a.m. · 7 views

PT-2023-32464 · WordPress · Hotel Booking Lite

Name of the Vulnerable Software and Affected Versions: Hotel Booking Lite WordPress plugin versions prior to 4.8.5 Description: The issue arises from the plugin's failure to validate file paths provided via user input and its lack of proper CSRF and authorisation checks. This allows unauthenticat...

CVSS 9.8 · AI score 9.4 · EPSS 0.03313
Exploits 2 · References 7

OSV
added 2022/12/22 9:15 p.m. · 2 views

CVE-2022-43858

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2