EUVD-2025-204627

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...

CVE-2025-14633

CVE-2025-14633 affects the F70 Lead Document Download plugin for WordPress (versions ≤ 1.4.4). A missing capability check in the file_download function allows unauthenticated attackers to download any media-library file by enumerating attachment IDs. Wordfence’s entry for this CVE notes the patch...

PT-2025-52542

Name of the Vulnerable Software and Affected Versions F70 Lead Document Download plugin for WordPress versions through 1.4.4 Description The F70 Lead Document Download plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check within the fil...

CVE-2020-26176

An issue was discovered in tangro Business Workflow before 1.18.1. No or broken access control checks exist on the /api/document//attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to...

FreeBSD : bugzilla -- multiple vulnerabilities (58253655-d82c-11e1-907c-20cf30e32f6d)

A Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : Information Leak Versions: 4.1.1 to 4.2.1, 4.3.1 In HTML bugmails, all bug IDs and attachment IDs are linkified, and hovering these links displays a tooltip with the bug summary or the attachme...

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak Versions: 4.1.1 to 4.2.1, 4.3.1 In HTML bugmails, all bug IDs and attachment IDs are linkified, and hovering these links displays a tooltip with the bug summary or the attachment...