
24 matches found

EUVD
added 2026/06/15 9:30 p.m. · 6 views

EUVD-2025-210155

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

AI score: 6 · EPSS: 0.00284
Exploits: 0 · References: 2

NVD
added 2026/06/15 8:16 p.m. · 7 views

CVE-2025-68713

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

CVSS: 8 · EPSS: 0.00284
Exploits: 0 · References: 1

Snyk
added 2026/03/24 8:32 p.m. · 5 views

Authorization Bypass Through User-Controlled Key

Overview: pyload-ng is a free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the ClickNLoad feature. An attacker can gain unauthorized access to endpoints intended for localhost by...

CVSS: 9.8 · AI score: 6.2 · EPSS: 0.00422
Exploits: 1 · References: 2

NVD
added 2026/03/24 8:16 p.m. · 17 views

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

CVSS: 9.8 · EPSS: 0.00422
Exploits: 1 · References: 1

NVD
added 2026/03/24 8:16 p.m. · 4 views

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

CVSS: 6.5 · EPSS: 0.00183
Exploits: 1 · References: 1

ATTACKERKB
added 2026/03/24 6:56 p.m. · 13 views

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

CVSS: 8.8 · AI score: 6 · EPSS: 0.00422
Exploits: 1 · References: 2 · Affected Software: 1

EUVD
added 2026/03/24 6:56 p.m. · 9 views

EUVD-2026-15001

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

CVSS: 8.8 · AI score: 6 · EPSS: 0.00422
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 12:40 p.m. · 5 views

CVE-2023-43955

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.01262
Exploits: 1 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2016-7335

Malware in sbrugna...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.01105
Exploits: 0 · References: 4

Positive Technologies
added 2025/10/03 12:00 a.m. · 11 views

PT-2025-40471

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process backup batch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...

CVSS: 3.8 · AI score: 6.1 · EPSS: 0.0029
Exploits: 0 · References: 3

Veracode
added 2025/09/29 4:51 a.m. · 6 views

Content Injection

Next.js is vulnerable to content injection. The vulnerability is due to attacker-controlled external image sources being able to trigger file downloads with arbitrary content and filenames under specific configurations, which allows an attacker to perform phishing or deliver malicious files...

CVSS: 4.3 · AI score: 7.2 · EPSS: 0.00509
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2025/08/29 10:00 p.m. · 4 views

CVE-2025-55173 Next.js Content Injection Vulnerability for Image Optimization

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary...

CVSS: 4.3 · AI score: 6.7 · EPSS: 0.00509
Exploits: 0 · References: 5

Cvelist
added 2025/08/29 10:00 p.m. · 5 views

CVE-2025-55173 Next.js Content Injection Vulnerability for Image Optimization

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary...

CVSS: 4.3 · EPSS: 0.00509
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/22 8:58 p.m. · 4 views

CVE-2021-20153

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...

CVSS: 6.9 · AI score: 8.5 · EPSS: 0.00958
Exploits: 0 · References: 1

ATTACKERKB
added 2023/12/27 9:15 p.m. · 4 views

CVE-2023-43955

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...

CVSS: 9.8 · AI score: 6.1 · EPSS: 0.01262
Exploits: 1 · References: 5

OSV
added 2023/12/27 9:15 p.m. · 24 views

CVE-2023-43955

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...

CVSS: 9.8 · AI score: 7.6
Exploits: 0 · References: 4

CNNVD
added 2023/12/27 12:00 a.m. · 4 views

TV Bro Security Breach

TV Bro is a simple web browser for Android by the individual developer truefedex, optimized to work with TV remotes. A security vulnerability exists in truefedex TV Bro 2.0.0 and earlier versions, which stems from a WebView error handling, and allows an attacker to execute arbitrary code, create arbitrary...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.01262
Exploits: 1 · References: 5

Positive Technologies
added 2023/12/27 12:00 a.m. · 5 views

PT-2023-29049 · Tv Bro · Tv Bro

Name of the Vulnerable Software and Affected Versions: com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android Description: The issue arises from the mishandling of external intents through WebView in the com.phlox.tvwebbrowser TV Bro application. This allows attackers to execute...

CVSS: 9.8 · AI score: 9.4 · EPSS: 0.01262
Exploits: 1 · References: 9

WPVulnDB
added 2021/04/17 12:00 a.m. · 31 views

WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication

The duplicate method, hooked to the admin_init action, did not have any CSRF and authorisation checks, allowing unauthorised users such as unauthenticated ones to duplicate arbitrary downloads. PoC: As an unauthenticated or authenticated user, open the following URL to duplicate the Download with id...

AI score: 2.5
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2019/12/09 12:00 a.m. · 5 views

The vulnerability in the implementation of the Page.downloadBehavior backend of the Google Chrome browser allows a hacker to persuade users to install a malicious extension.

The vulnerability in the Page.downloadBehavior implementation of the Google Chrome browser lies in the lack of restrictions on file downloads. Exploiting this vulnerability can allow a malicious actor to persuade a user to install a malicious extension through a specially created HTML page...

CVSS: 9.6 · AI score: 7.7 · EPSS: 0.01315
Exploits: 0 · References: 5 · Affected Software: 2