Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...

8.6CVSS5.6AI score0.07244EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.30 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...

8.6CVSS0.07244EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 10:6 p.m.25 views

CVE-2026-29205

The CVE-2026-29205 issue affects cPanel & WHM. The vulnerability arises from incorrect privileges management and insufficient path filtering, enabling an attacker to read arbitrary files on the server via the cpdavd attachment download endpoints. PT Security reports indicate multiple vulnerabilit...

8.6CVSS5.9AI score0.07244EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 3:16 p.m.8 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

9.1CVSS0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 6:21 p.m.3 views

CVE-2026-39348 OrangeHRM is Missing Authorization Checks in AbstractFileController Subclasses Expose Job Specification and Vacancy Attachments

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifier...

5.3CVSS5.9AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/12 12:0 a.m.39 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

0.0027EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 6:10 p.m.6 views

GHSA-W76H-8M22-HPGH OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists

Summary In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content. Affected Packages / Versions - Package:...

8.7CVSS5.9AI score0.00172EPSS
Exploits0References6
Snyk
Snyk
added 2026/01/23 8:17 p.m.3 views

Access Control Bypass

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Access Control Bypass via a permissive permission check in attachment.php. An attacker can gain unauthorized access to download attachments by exploitin...

7.1CVSS5.9AI score0.0042EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-25289

Malware in sbrugna...

5.4CVSS5.5AI score0.00926EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/07 9:15 p.m.3 views

CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...

3.7CVSS6.2AI score0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.4 views

PT-2022-22202 · Sims · Sims

Name of the Vulnerable Software and Affected Versions: Sims version 1.0 Description: The issue allows path traversal when downloading attachments. Recommendations: For Sims version 1.0, consider restricting access to attachment downloads until a patch is available...

6.5CVSS6.5AI score0.00867EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/05/23 3:34 p.m.24 views

CVE-2021-41714

In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage...

7.7CVSS7.7AI score0.00603EPSS
Exploits1References3
NVD
NVD
added 2016/08/25 6:59 p.m.17 views

CVE-2016-4069

Cross-site request forgery CSRF vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service disk consumption via unspecified vectors...

8.8CVSS8.7AI score0.02713EPSS
Exploits0References8
Rows per page
Query Builder