3118 matches found
CVE-2026-1280
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
CVE-2026-1280
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
CVE-2026-1280
CVE-2026-1280 affects the WordPress Frontend File Manager Plugin, versions up to 23.5. The vulnerability stems from a missing capability check on the AJAX action wpfm_send_file_in_email, allowing unauthenticated attackers to share arbitrary uploaded files by supplying a file_id. File IDs are sequ...
EUVD-2026-4892
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
CVE-2026-1280
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
WordPress Frontend File Manager plugin plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary File Sharing via 'fileid' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend File Manager versions = 23.5...
PT-2026-5093
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm send file in email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded fil...
WordPress Plugin Frontend File Manager Plugin Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10674)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10673)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Mdr in WordPress Plugin Frontend File Manager versions = 23.5...
CVE-2022-50890
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...
MiracleLinux 3 : kdelibs-3.5.5-11.25AXS3 (AXSA:2009-427:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-427:02 advisory. KDE Libraries include: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, kio Input/Output, networking, kspell spelling...
CVE-2022-50891
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...
CVE-2022-50890
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...
CVE-2022-50890
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...
CVE-2022-50891
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...
CVE-2026-22804
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...