Lucene search
K

28 matches found

CVE
CVE
added yesterday6 views

CVE-2026-53729

DataEase (open source data visualization/analysis tool) contains an IDOR in the ExportCenter area. Before version 2.10.24, an authenticated user could manipulate the task ID to download, delete, retry, or generate download links for export tasks belonging to other users; additionally, the /export...

8.7CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/06/25 7:16 p.m.7 views

CVE-2026-56768

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS0.00381EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 8:19 p.m.12 views

CVE-2026-52799

Gogs (version

7.5CVSS5.9AI score0.00422EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.13 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00478EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 1:38 a.m.17 views

CVE-2026-40496

CVE-2026-40496 affects FreeScout prior to version 1.8.213, where attachment download tokens were created with a weak formula: md5(APP_KEY + attachment_id + size). Because attachment_id is sequential and size brute-forcible, an unauthenticated attacker can forge valid tokens and download private a...

9.3CVSS5.7AI score0.00403EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/11/24 5:16 p.m.4 views

CVE-2025-63435

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...

4.3CVSS0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.3 views

CVE-2025-63435

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...

6.7AI score0.00328EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17741

Malware in sbrugna...

4.6CVSS5.8AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.5 views

PT-2025-32317 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM version 7.14.6 Description: SuiteCRM is an open-source Customer Relationship Management CRM software application. A vulnerability exists that allows unauthenticated downloads of any file from the upload-directory, provided the file i...

3.7CVSS6.6AI score0.00218EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/22 5:1 p.m.7 views

CVE-2020-25048

An issue was discovered on Samsung mobile devices with Q10.0 with ONEUI 2.1 software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 August 2020...

4.6CVSS7.6AI score0.00171EPSS
Exploits0
OSV
OSV
added 2025/01/16 9:49 p.m.5 views

GO-2025-3401 matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads in github.com/t2bot/matrix-media-repo

matrix-media-repo MMR allows denial of service/high operating costs through unauthenticated downloads in github.com/t2bot/matrix-media-repo...

7.5CVSS5.6AI score0.00675EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 8:15 p.m.5 views

CVE-2024-36402

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...

5.3CVSS0.00529EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/16 7:16 p.m.14 views

CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...

5.3CVSS0.00675EPSS
Exploits0References2
CVE
CVE
added 2025/01/16 7:16 p.m.55 views

CVE-2024-36403

CVE-2024-36403 affects Matrix Media Repo (MMR) before 1.3.5. An unauthenticated attacker can cause unbounded disk consumption by triggering MMR to download and cache large volumes of remote media. Deployments using file-backed storage or self-hosted S3 storage are vulnerable to a disk-fill denial...

7.5CVSS5.5AI score0.00675EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/16 7:16 p.m.5 views

CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...

5.3CVSS5.8AI score0.00675EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/01/16 7:5 p.m.8 views

matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads

Impact MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative...

7.5CVSS6.9AI score0.00675EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/01/16 7:5 p.m.6 views

GHSA-VC2M-HW89-QJXF matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads

Impact MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative...

5.3CVSS5.6AI score0.00675EPSS
Exploits0References5
OSV
OSV
added 2022/06/15 5:15 p.m.4 views

CVE-2022-32157

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients...

7.5CVSS5.8AI score0.01256EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/06/15 4:50 p.m.20 views

CVE-2022-32157 Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients...

7.5CVSS7.9AI score0.01256EPSS
Exploits0References4
OSV
OSV
added 2021/11/10 4:15 p.m.4 views

CVE-2021-43564

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

7.5CVSS5.8AI score0.00997EPSS
Exploits0References1
Rows per page
Query Builder