
26 matches found

Positive Technologies
added 2026/05/29 12:0 a.m., 15 views

PT-2026-45047

Name of the Vulnerable Software and Affected Versions: Koel versions prior to 9.3.5. Description: Koel fails to validate individual episode enclosure URLs extracted from RSS XML feeds, despite validating the main podcast feed URL. These unvalidated URLs are stored in the database and subsequently...

CVSS 7.7 | AI score 5.3 | EPSS 0.00263
Exploits: 0 | References: 8

CVE
added 2026/02/10 3:1 a.m., 22 views

CVE-2026-0508

The CVE refers to SAP BusinessObjects Business Intelligence Platform where an authenticated, high-privileged attacker can insert a malicious URL in the app. When a victim clicks it, an unvalidated redirect to the attacker-controlled domain occurs, potentially downloading malicious content. The im...

CVSS 8.1 | AI score 5.5 | EPSS 0.00279
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/11/06 10:15 p.m., 8 views

CVE-2025-64178

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 | EPSS 0.00264
Exploits: 0 | References: 2

EUVD
added 2025/11/06 9:46 p.m., 4 views

EUVD-2025-37862

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 | AI score 6.2 | EPSS 0.00264
Exploits: 0 | References: 3

CNNVD
added 2025/11/06 12:0 a.m., 7 views

Jellysweep Code Issue Vulnerability

Jellysweep is a smart cleanup tool for media servers by Jonah Personal Developer. A code issue vulnerability exists in Jellysweep 0.12.1 and prior versions, which stems from an unvalidated URL parameter in the /api/images/cache endpoint that could result in the download of arbitrary content...

CVSS 8.9 | AI score 6.8 | EPSS 0.00264
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 13 views

EUVD-2017-6489

Malware in sbrugna...

CVSS 4.3 | AI score 4.7 | EPSS 0.04946
Exploits: 4 | References: 5

Cvelist
added 2025/03/12 3:21 a.m., 27 views

CVE-2025-1508 WP Crowdfunding <= 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Post Content Download

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloaddata action in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to download...

CVSS 5.3 | EPSS 0.00389
Exploits: 0 | References: 3

Patchstack
added 2025/03/11 11:20 p.m., 7 views

WordPress WP Crowdfunding plugin <= 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Post Content Download vulnerability

Missing Authorization to Authenticated (Subscriber+) Post Content Download vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Crowdfunding versions <= 2.1.14...

CVSS 5.3 | AI score 8.9 | EPSS 0.00389
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/12/17 11:10 a.m., 31 views

CVE-2024-9654 Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass

The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verifyguestemail' function to ensure the requesting user is the intended recipient of the purchase receipt. This...

CVSS 3.7 | EPSS 0.0034
Exploits: 0 | References: 2

OSV
added 2022/09/23 12:0 a.m., 3 views

GHSA-H9WW-WJG4-JVVG Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module

The Translation module before v2.0.58 from Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via...

CVSS 6.5 | AI score 6.3 | EPSS 0.00569
Exploits: 0 | References: 7

Tenable Nessus
added 2021/07/22 12:0 a.m., 41 views

SUSE SLES12 Security Update : curl (SUSE-SU-2021:2425-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2425-1 advisory. - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name...

CVSS 6.5 | AI score 6.6 | EPSS 0.0627
Exploits: 4 | References: 13

OSV
added 2020/10/27 9:15 p.m., 1 views

CVE-2020-9979

A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content...

CVSS 5.5 | AI score 6.7 | EPSS 0.00406
Exploits: 0 | References: 4

CNVD
added 2019/11/14 12:0 a.m., 1 views

Unauthorized Access Vulnerability in Kairos Helpdesk System

The Kaixin Helpdesk helps IT to collect the problems handled on a daily basis and generate reports to quantify the work. An unauthorized access vulnerability exists in the Qixing Helpdesk system, which can be exploited by an attacker to download system content without authorization...

AI score 6.8
Exploits: 0

NVD
added 2017/10/27 5:29 a.m., 16 views

CVE-2017-5096

Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents...

CVSS 4.3 | AI score 4 | EPSS 0.01309
Exploits: 0 | References: 5

UbuntuCve
added 2017/10/27 5:29 a.m., 20 views

CVE-2017-5096

Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents...

CVSS 4.3 | AI score 6.6 | EPSS 0.01309
Exploits: 0 | References: 2

Prion
added 2017/10/27 5:29 a.m., 14 views

Input validation

Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents...

CVSS 4.3 | AI score 4.8 | EPSS 0.01309
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2017/10/27 5:29 a.m., 5 views

UBUNTU-CVE-2017-5096

Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents...

CVSS 4.3 | AI score 6.5 | EPSS 0.01309
Exploits: 0 | References: 3

CVE
added 2017/10/27 5:0 a.m., 87 views

CVE-2017-5096

CVE-2017-5096 affects Google Chrome for Android. The issue is described as insufficient policy enforcement during navigation between schemes, enabling a remote attacker to cause a cross-origin content download via a crafted HTML page and is associated with Android intents. The Chrome 60 release (...

CVSS 4.3 | AI score 4.9 | EPSS 0.01309
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2017/10/27 5:0 a.m., 22 views

CVE-2017-5096

Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents...

AI score 5.1 | EPSS 0.01309
Exploits: 0 | References: 5

OSV
added 2017/10/13 4:29 p.m., 5 views

CVE-2017-15014

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the...

CVSS 4.3 | AI score 5.9 | EPSS 0.04946
Exploits: 4 | References: 3