10 matches found
CVE-2026-27892 FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download
FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...
CVE-2026-42883 Audiobookshelf: Cross-library file exfiltration via unscoped bulk download endpoint
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining...
CVE-2026-42277 Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users files
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...
CVE-2018-25145 Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/mcli/', and '/tmp' to access syst...
PT-2025-45386
Name of the Vulnerable Software and Affected Versions Jellysweep versions 0.12.1 and below Description Jellysweep is a cleanup tool for the Jellyfin media server. The /api/images/cache API endpoint accepts a URL parameter that is directly passed to a cache package, allowing the server to download...
CVE-2025-55455
DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext...
CVE-2025-55455
DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext...
PT-2025-34498 · Dootask · Dootask
Name of the Vulnerable Software and Affected Versions: DooTask version 1.0.51 Description: DooTask version 1.0.51 contains an authenticated arbitrary download vulnerability within the /msg/sendtext component. Recommendations: At the moment, there is no information about a newer version that...
CVE-2024-7744
In WSFTP Server versions before 8.8.8 2022.0.8, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has...
PT-2024-38552 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.8 2022.0.8 Description: A vulnerability in the Web Transfer Module of WS FTP Server allows for Path Traversal, enabling file discovery, probing of system files, and user-controlled filename manipulation. An...