CVE-2017-18636

CDG through 2017-01-01 allows downloadDocument.jsp?command=download= directory traversal...

CVE-2025-14633

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...

EUVD-2025-204627

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...

CVE-2025-14633

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...

CVE-2025-14633

CVE-2025-14633 affects the F70 Lead Document Download plugin for WordPress (versions ≤ 1.4.4). A missing capability check in the file_download function allows unauthenticated attackers to download any media-library file by enumerating attachment IDs. Wordfence’s entry for this CVE notes the patch...

WordPress plugin F70 Lead Document Download 安全漏洞

...

WordPress F70 Lead Document Download plugin <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability

Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability discovered by ChamlaVic in WordPress Plugin F70 Lead Document Download versions = 1.4.4...

GHSA-8WVC-869R-XFQF Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'

Summary A Stored XSS vulnerability has been discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as...

EUVD-2020-18798

Malware in sbrugna...

EUVD-2007-2130

Malware in sbrugna...

EUVD-2021-30377

Malicious code in bioql PyPI...

CVE-2023-34958

Incorrect access control in Chamilo 1.11. up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID...

CVE-2020-26173

An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents PDF by providing a valid document ID and token. No further authentication is required...

CVE-2025-2306 Improper Access Control vulnerability in LIVE CONTRACT

An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the documents UUIDv4...

UBUNTU-CVE-2024-38370

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...

CVE-2024-38370 GLPI allows API document download without rights

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...

GLPI 授权问题漏洞

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

WordPress Get Quote For Woocommerce – Request A Quote For Woocommerce plugin <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download vulnerability

Missing Authorization to Unauthenticated Quote PDF and CSV Download vulnerability discovered by stehled in WordPress Plugin Get Quote For Woocommerce versions = 1.0.0...

CVE-2023-34958

Incorrect access control in Chamilo 1.11. up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID...

CVE-2023-34958

Incorrect access control in Chamilo 1.11. up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID...