
80 matches found

Nuclei
added yesterday | 19 views

Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default, Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client...

10 CVSS | 7.5 AI score | 0.85619 EPSS
Exploits 1 | References 5

NVD
added 2 days ago | 4 views

CVE-2026-52799

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRE_SIGNIN_VIEW = false, we...

7.5 CVSS | 0.00422 EPSS
Exploits 0 | References 2

EUVD
added 2026/06/17 6:35 p.m. | 7 views

EUVD-2025-210217

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...

7.5 CVSS | 5.2 AI score | 0.00294 EPSS
Exploits 0 | References 2

Cvelist
added 2026/06/09 11:48 a.m. | 27 views

CVE-2017-20250 WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7 CVSS | 0.00641 EPSS
Exploits 0 | References 3

EUVD
added 2026/06/09 11:48 a.m. | 9 views

EUVD-2017-18974

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...

8.7 CVSS | 5.6 AI score | 0.00641 EPSS
Exploits 0 | References 3

EUVD
added 2026/05/29 12:9 p.m. | 9 views

EUVD-2026-33282

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10 CVSS | 5.8 AI score | 0.00341 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/05/29 12:9 p.m. | 7 views

CVE-2026-9508

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10 CVSS | 5.8 AI score | 0.00341 EPSS
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/05/29 12:9 p.m. | 15 views

CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10 CVSS | 5.8 AI score | 0.00341 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/29 12:0 a.m. | 13 views

PT-2026-44832

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10 CVSS | 5.8 AI score | 0.00341 EPSS
Exploits 0 | References 2

EUVD
added 2026/05/14 5:36 a.m. | 10 views

EUVD-2026-30225

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 3

Cvelist
added 2026/04/21 1:38 a.m. | 28 views

CVE-2026-40496 FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: md5(APP_KEY + attachment_id + size). Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenticate...

9.3 CVSS | 0.00403 EPSS
Exploits 1 | References 3

CNVD
added 2026/02/05 12:0 a.m. | 2 views

Tenda D301 and Tenda D151 Access Control Error Vulnerabilities

Tenda D301 is a wireless router. Tenda D151 is a wireless router. An access control error vulnerability exists in the Tenda D301 and Tenda D151 that stems from the presence of an unauthenticated configuration download on the /goform/getimage endpoint, which can be exploited by an attacker to cause...

8.7 CVSS | 6 AI score | 0.00612 EPSS
Exploits 1 | References 1

Vulnrichment
added 2026/01/28 5:43 p.m. | 4 views

CVE-2025-57795 Unauthenticated Remote File Download in Explorance Blue

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution...

6.2 AI score | 0.00538 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/01/28 5:35 p.m. | 3 views

CVE-2020-36963

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router...

8.7 CVSS | 5.9 AI score | 0.00364 EPSS
Exploits 0 | References 3

EUVD
added 2026/01/28 5:35 p.m. | 4 views

EUVD-2020-30886

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router...

8.7 CVSS | 5.9 AI score | 0.00364 EPSS
Exploits 0 | References 3

CNNVD
added 2026/01/21 12:0 a.m. | 7 views

Tenda D301 and Tenda D151 Access Control Error Vulnerability

Tenda D301 is a wireless router. Tenda D151 is a wireless router. An access control error vulnerability exists in the Tenda D301 and Tenda D151 that stems from the presence of an unauthenticated configuration download on the /goform/getimage endpoint, which can be exploited by an attacker to cause...

8.7 CVSS | 5.8 AI score | 0.00612 EPSS
Exploits 1 | References 3

NVD
added 2026/01/15 4:16 p.m. | 3 views

CVE-2021-47760

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate...

0.00117 EPSS
Exploits 0

Positive Technologies
added 2026/01/15 12:0 a.m. | 5 views

PT-2026-3036

Name of the Vulnerable Software and Affected Versions: TestLink versions 1.16 through 1.19. Description: The software contains an unauthenticated file download issue. An attacker can download arbitrary files by manipulating the id parameter in the 'attachmentdownload.php' endpoint, utilizing...

9.8 CVSS | 5.5 AI score | 0.00117 EPSS
Exploits 0 | References 7

OSV
added 2025/12/18 6:15 p.m. | 3 views

CVE-2025-14738

Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

7.5 CVSS | 5.8 AI score | 0.00436 EPSS
Exploits 0 | References 4

Cvelist
added 2025/12/18 6:1 p.m. | 23 views

CVE-2025-14738 Configuration Disclosure Vulnerability in TP-Link WA850RE

Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

7.1 CVSS | 0.00436 EPSS
Exploits 0 | References 4