Lucene search
K

2690 matches found

Nuclei
Nuclei
added 6 hours ago23 views

Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download

Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...

8.7CVSS7.1AI score0.01461EPSS
Exploits1References5
Nuclei
Nuclei
added 6 hours ago60 views

WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download

Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers access arbitrary files on the server, exploit requires no specific privileges or user interaction. id: CVE-2025-47445 info: name: WordPress Eventin Themewinter ≤ 4.0.26 - Arbitrary File Download...

9.8CVSS7.1AI score0.0465EPSS
Exploits1References3
Nuclei
Nuclei
added 6 hours ago71 views

Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...

7.5CVSS7.1AI score0.11733EPSS
Exploits3References4
CVE
CVE
added yesterday9 views

CVE-2026-57815

CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...

7.5CVSS6.1AI score0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57815 WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS0.00503EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago7 views

WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.55.0.2...

7.5CVSS6.1AI score0.00503EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/23 6:0 a.m.14 views

CVE-2026-8379

The CVE-2026-8379 entry concerns the Frontend File Manager Plugin for WordPress (≤ 23.6). The vulnerability is a failure to properly enforce nonce verification on the file download handler, enabling unauthenticated attackers to download files uploaded by any user by iterating identifiers. The iss...

7.5CVSS5.9AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37593

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

6.5CVSS5.2AI score0.00412EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37656

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:21 p.m.10 views

CVE-2026-9690

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS0.00467EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-40724

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

6.5CVSS0.00412EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2025-69131

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

7.5CVSS0.00467EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2025-49403

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.11 views

CVE-2026-40724

CVE-2026-40724 concerns the WordPress Client Portal (Pro) plugin, affected versions &lt;= 5.6.2. The vulnerability is described as an Arbitrary File Download in CP Client Arbitrary File Download for Client Portal (Pro)

6.5CVSS5.2AI score0.00412EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.31 views

CVE-2026-40724 WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

6.5CVSS0.00412EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.10 views

CVE-2026-22334

CVE-2026-22334 concerns the WordPress Woocommerce Book Price plugin (&lt;= 1.3). The vulnerability is an Arbitrary File Download that requires authentication (Subscriber level or higher). The CVE entry notes an authenticated path to download arbitrary files, with a base CVSS v3.1 score of 7.5 (HI...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.30 views

CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS0.00467EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.17 views

CVE-2026-9690

CVE-2026-9690 concerns the WordPress WP Media folder Addon plugin (versions &lt;= 4.0.1). The vulnerability is an unauthenticated arbitrary file download, enabling an attacker to download arbitrary files from the affected site without authentication. The issue is associated with the WP Media fold...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.31 views

CVE-2026-9690 WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS0.00467EPSS
Exploits0References1
Rows per page
Query Builder