280 matches found
PYSEC-2026-359 InvokeAI has External Control of File Name or Path
Path Traversal Vulnerability in InvokeAI A path traversal vulnerability in InvokeAI versions 6.7.0 allows an unauthenticated remote attacker to read files outside the intended media directory via the bulk downloads API. The endpoint accepts a user-controlled file/item name and concatenates it int...
GO-2026-5334 Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea
Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea...
CVE-2026-55439 Halo: Path Traversal in Backup Download Leads to Arbitrary File Read
Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...
CVE-2026-48944 Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26
The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...
CVE-2026-50892
Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...
CVE-2016-20081
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
EUVD-2016-10893
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2016-20081 WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2026-50892
Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...
CVE-2026-50892
CVE-2026-50892 affects Nginx Proxy Manager v2.14.0. The root cause is improper access control on the Let’s Encrypt certificate download endpoint, allowing authenticated attackers to obtain TLS private key material via a crafted GET request. The impact is limited to confidentiality, with the CVSS ...
PT-2026-49224
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download backup.php endpoint. Attackers can directly access the download backup.php script in the admin/data management...
PT-2026-49333
Name of the Vulnerable Software and Affected Versions Nginx Proxy Manager version 2.14.0 Description Incorrect access control in the "Let's Encrypt" certificate download endpoint allows authenticated attackers to obtain TLS private key material by sending a crafted GET request. Recommendations At...
CVE-2026-44692 Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...
EUVD-2026-36118
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...
CVE-2026-44692
CVE-2026-44692 affects the Sharp CMS package for Laravel. Prior to version 9.22.0, the generic download endpoint authorizes access only to the selected Sharp entity but then reads the target disk and path from request parameters, allowing an authenticated user who can view one valid record to dow...
sharp 安全漏洞
Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp prior to 9.22.0 contained a security vulnerability. This vulnerability stemmed from the general download endpoint...
Pipecat 路径遍历漏洞
Pipecat is an open-source development framework developed by Pipecat that supports real-time audio and video stream processing as well as AI-powered dialogue interactions. Versions of Pipecat from 0.0.90 to 1.2.0 contained a path traversal vulnerability. This vulnerability stemmed from path...
CVE-2026-11431
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...
EUVD-2026-34919
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...
CVE-2026-11431
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...