24 matches found
EUVD-2025-210155
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...
CVE-2025-68713
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...
Authorization Bypass Through User-Controlled Key
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the ClickNLoad feature. An attacker can gain unauthorized access to endpoints intended for localhost by...
CVE-2026-33511
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-33314
pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...
CVE-2026-33511
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
EUVD-2026-15001
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2023-43955
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...
EUVD-2016-7335
Malware in sbrugna...
PT-2025-40471
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process backup batch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...
Content Injection
Next.js is vulnerable to content injection. The vulnerability is due to attacker-controlled external image sources being able to trigger file downloads with arbitrary content and filenames under specific configurations, which allows an attacker to perform phishing or deliver malicious files...
CVE-2025-55173 Next.js Content Injection Vulnerability for Image Optimization
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary...
CVE-2025-55173 Next.js Content Injection Vulnerability for Image Optimization
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary...
CVE-2021-20153
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...
CVE-2023-43955
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...
CVE-2023-43955
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...
TV Bro Security Breach
TV Bro is truefedex Personal Developer's simple web browser for Android, optimized to work with TV remotes. A security vulnerability exists in truefedex TV Bro 2.0.0 and earlier versions, which stems from a WebView error handling, and allows an attacker to execute arbitrary code, create arbitrary...
PT-2023-29049 · Tv Bro · Tv Bro
Name of the Vulnerable Software and Affected Versions: com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android Description: The issue arises from the mishandling of external intents through WebView in the com.phlox.tvwebbrowser TV Bro application. This allows attackers to execute...
WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication
The duplicate method, hooked to the admininit action did not have any CSRF and authorisation checks, allowing unauthorised users such as unauthenticated ones to duplicate arbitrary downloads PoC As an unauthenticated or authenticated user, open the following URL to duplicate the Download with id...
The vulnerability in the implementation of the Page.downloadBehavior backend of the Google Chrome browser allows a hacker to persuade users to install a malicious extension.
The vulnerability of the PagedownloadBehavior implementation in Google Chrome’s browser lies in the lack of restrictions on file downloads. Exploiting this vulnerability can allow a malicious actor to persuade a user to install a malicious extension through a specially created HTML page...