28 matches found
CVE-2026-53729
DataEase (open source data visualization/analysis tool) contains an IDOR in the ExportCenter area. Before version 2.10.24, an authenticated user could manipulate the task ID to download, delete, retry, or generate download links for export tasks belonging to other users; additionally, the /export...
CVE-2026-56768
Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...
CVE-2026-52799
Gogs (version
CVE-2026-11414
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...
CVE-2026-40496
CVE-2026-40496 affects FreeScout prior to version 1.8.213, where attachment download tokens were created with a weak formula: md5(APP_KEY + attachment_id + size). Because attachment_id is sequential and size brute-forcible, an unauthenticated attacker can forge valid tokens and download private a...
CVE-2025-63435
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...
CVE-2025-63435
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...
EUVD-2020-17741
Malware in sbrugna...
PT-2025-32317 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM version 7.14.6 Description: SuiteCRM is an open-source Customer Relationship Management CRM software application. A vulnerability exists that allows unauthenticated downloads of any file from the upload-directory, provided the file i...
CVE-2020-25048
An issue was discovered on Samsung mobile devices with Q10.0 with ONEUI 2.1 software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 August 2020...
GO-2025-3401 matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads in github.com/t2bot/matrix-media-repo
matrix-media-repo MMR allows denial of service/high operating costs through unauthenticated downloads in github.com/t2bot/matrix-media-repo...
CVE-2024-36402
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...
CVE-2024-36403
CVE-2024-36403 affects Matrix Media Repo (MMR) before 1.3.5. An unauthenticated attacker can cause unbounded disk consumption by triggering MMR to download and cache large volumes of remote media. Deployments using file-backed storage or self-hosted S3 storage are vulnerable to a disk-fill denial...
CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...
matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads
Impact MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative...
GHSA-VC2M-HW89-QJXF matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads
Impact MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative...
CVE-2022-32157
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients...
CVE-2022-32157 Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients...
CVE-2021-43564
An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...