3345 matches found
5 Unexpected Devices You Didn’t Know Could Spread Malware
When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…...
CVE-2024-10366
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...
SMF (Simple Machines Forum) Cross-Site Scripting Vulnerability
SMF (Simple Machines Forum) is a free, open source community forum project by Simple Machines Open Source. A cross-site scripting vulnerability exists in SMF (Simple Machines Forum) version 2.1.4, which stems from improper manipulation of the Notice parameter in the ManageAttachments.php file, and...
CVE-2024-10366 IDOR in delete attachments in danny-avila/librechat
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...
CVE-2024-10366
The CVE-2024-10366 vulnerability affects danny-avila/librechat v0.7.5-rc2, where the delete-attachments endpoint does not verify that the attachment ID belongs to the current user. This IDOR allows any authenticated user (low privileges) to delete attachments of other users, with a network-style ...
PT-2025-12040 · Librechat · Librechat
Name of the Vulnerable Software and Affected Versions: danny-avila/librechat version v0.7.5-rc2 Description: An improper access control vulnerability exists in the delete attachments functionality. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowi...
Exploit for Missing Authorization in Directsoftware Order_Attachments_For_Woocommerce
WooCommerce Arbitrary File Upload Exploit CVE-2024-9756...
SAP S4 HANA Security Vulnerability
SAP S4 HANA is a software for improving database efficiency from SAP, a German company. An access control error vulnerability exists in SAP S4 HANA that stems from a failure to perform required access control checks and can be exploited by an attacker to delete attachments...
Linux Distros Unpatched Vulnerability : CVE-2024-30204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. CVE-2024-30204 Note that Nessus relies on the presence of the package as...
CVE-2025-26319
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...
Linux Distros Unpatched Vulnerability : CVE-2020-11879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 mailto?attach=... parameter, a website or other source of mailto...
Malicious code in oj-sp-attachments-common (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-13611
The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attacke...
CVE-2024-13611
CVE-2024-13611 affects the WordPress plugin Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss. The issue is Unauthenticated Sensitive Information Exposure via the bp-better-messages directory, allowing retrieval of potentially sensitive attachments stored u...
CVE-2024-13568
CVE-2024-13568 affects Fluent Support – Helpdesk & Customer Support Ticket System (WordPress). All versions up to 1.8.5 expose sensitive data stored in /wp-content/uploads/fluent-support to unauthenticated attackers via the directory, enabling information disclosure. The vulnerability is associat...
CVE-2024-13638
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the...