EUVD-2023-60568

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

EUVD-2026-10544

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

FileBrowser Quantum 安全漏洞

FileBrowser Quantum is a file manager developed by Graham Steffaniak. Versions of FileBrowser Quantum prior to 1.3.1-beta and 1.2.2-stable contained security vulnerabilities. These vulnerabilities stemmed from the fact that tokenized download URLs were still exposed through /public/api/share/info...

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

EUVD-2018-12648

Malware in sbrugna...

EUVD-2021-30377

Malicious code in bioql PyPI...

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the password protected links process. An attacker can gain unauthorized access to files by obtaining or discovering direct download links, which may be exposed through browser history, proxy...

Janto Ticketing 安全漏洞

Janto Ticketing is a ticketing software from Janto. A security vulnerability exists in Janto Ticketing version 4.3r10, which originates from a vulnerability that allows a remote user to obtain other users' download URLs to obtain purchased tickets...

Improper Access Control

ezsystems/ezplatform is vulnerable to Improper Access Control. The vulnerability is caused by missing validations in the file download route used for downloading files by specifying the name of the downloaded file. An attacker can construct download URLs with filenames that have no relation to th...

Cross site scripting

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

PT-2023-24000 · Pydio · Pydio Cells

Name of the Vulnerable Software and Affected Versions: Pydio Cells versions 4.1.2 and earlier Description: The issue allows for cross-site scripting XSS due to the exposure of secrets used to sign presigned URLs for file downloads. These secrets are hardcoded and accessible through the web...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. (CVE-2023-26022)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. Vulnerability Details CVEID:CVE-2023-26022 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash when an...

PT-2022-11839

Name of the Vulnerable Software and Affected Versions ONLYOFFICE all versions as of 2021-11-08 Description The issue is related to Incorrect Access Control, where signed document download URLs can be forged due to a weak default URL signing key. This allows for potential exploitation, including...

Security Bulletin: IBM QMF Analytics for Multiplatforms is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Summary Apache Log4j is used by the QMF Vision component of IBM QMF Analytics for Multiplatforms as part of its logging infrastructure and is vulnerable to arbitrary code execution CVE-2021-44228. The fix includes Apache Log4j v2.17.0. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apac...

Arbtirary Command Execution

composer/composer is vulnerable to arbitrary command execution. A missing argument delimiter allows an attacker to inject and execute arbitrary commands via VCS repository URLs or source download URLs on systems with Mercurial...