54 matches found
CVE-2026-25077 Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates
Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...
CVE-2026-25077 Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates
Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...
SUSE CVE-2026-27611
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...
EUVD-2026-8594
FileBrowser Quantum: Password Protection Not Enforced on Shared File Links...
GHSA-8VRH-3PM2-V4V6 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
Summary When users share password-protected files, the recipient can completely bypass the password and still download the file. Details This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without th...
FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
Summary When users share password-protected files, the recipient can completely bypass the password and still download the file. Details This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without th...
CVE-2026-27611
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...
CVE-2026-27611
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...
CVE-2026-27611 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...
FileBrowser 安全漏洞
FileBrowser is a web-based file browser developed by Seagate as open source software. It provides an interface for managing files within specified directories, allowing actions such as uploading, deleting, previewing, renaming, and editing files. It supports multiple users, with each user having...
PT-2026-21839
Name of the Vulnerable Software and Affected Versions FileBrowser Quantum versions prior to 1.1.3-stable FileBrowser Quantum versions prior to 1.2.6-beta Description FileBrowser Quantum is a self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, a flaw existed where...
GHSA-G6QX-WQ5W-WR8V Mattermost Desktop App exposes sensitive information in its application logs
Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs. A fix is available for...
Mattermost Desktop App exposes sensitive information in its application logs
Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs. A fix is available for...
CVE-2025-68116
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting XSS due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG primary or...
CVE-2025-10089
Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...
Nextcloud: Credential Disclosure via Unvalidated directDownloadUrl (Missing DontAddCredentialsAttribute)
The Nextcloud Desktop Client was found to automatically include user credentials Authorization header with username and password in Base64 when downloading files via the "directDownloadUrl" feature. This allowed a malicious Nextcloud server to specify an attacker-controlled URL, causing the clien...
EUVD-2025-19579
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-13239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link...
CVE-2025-52996
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...
Authentication Bypass by Primary Weakness
Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the password protected links process. An attacker can gain unauthorized access to files by obtaining or discovering direct download links, which may be exposed through browser history, proxy...