34 matches found
pretix security vulnerability
Pretix is a ticketing system developed by the German company Pretix. There is a security vulnerability in Pretix. This vulnerability stems from an API endpoint that does not verify whether the UUID used for downloading corresponds to the file that should be downloaded and whether it belongs to th...
CVE-2026-20189
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...
CVE-2026-3189 feiyuchuixue sz-boot-parent download server-side request forgery
A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...
PT-2026-21944
Name of the Vulnerable Software and Affected Versions feiyuchuixue sz-boot-parent versions through 1.3.2-beta Description A weakness exists in feiyuchuixue sz-boot-parent up to version 1.3.2-beta. This issue affects unknown code within the /api/admin/common/files/download file. Manipulation of th...
CVE-2026-1459
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device...
CVE-2026-1459
CVE-2026-1459 describes a post-authentication command-injection vulnerability in Zyxel VMG3625-T50B devices, affecting firmware up to 5.50(ABPM.9.7)C0. The issue is in the TR-369 certificate download CGI program; an authenticated administrator can execute OS commands on the device. Metrics indica...
Zyxel VMG3625-T50B operating system command injection vulnerability
The Zyxel VMG3625-T50B is a WiFi device produced by the Zyxel company. The firmware version 5.50ABPM.9.7C0 and earlier contain a vulnerability related to operating system command injection. This vulnerability stems from the CGI program used for downloading the TR-369 certificate, which allows for...
CVE-2025-61976
CHOCO TEI WATCHER mini IB-MCT001 contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive...
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Clickjacking CWE-1021 - CVE-2025-59479 Improper check for unusual conditions CWE-754 - CVE-2025-61976 Improper check for unusual conditions CWE-754 - CVE-2025-66357 JTEKT...
PT-2025-51369
Name of the Vulnerable Software and Affected Versions CHOCO TEI WATCHER mini IB-MCT001 affected versions not specified Description The CHOCO TEI WATCHER mini IB-MCT001 has a flaw due to insufficient validation of input. A remote attacker could send a specially crafted request to the Video Downloa...
EUVD-2025-37023
Dell Secure Connect Gateway SCG 5.0 Application and Appliance versions 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API if this REST API is enabled by Admin user from UI. A low privileged attacker with remote...
EUVD-2025-29212
Malicious code in bioql PyPI...
EUVD-2025-12485
Malicious code in bioql PyPI...
CVE-2025-49089
wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd...
CVE-2024-0882
A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input...
CVE-2025-2850 GL.iNet GL-A1300 Slate Plus Download Interface improper authorization
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...
CVE-2025-2850
CVE-2025-2850 concerns GL.iNet router firmware Download Interface across multiple models (e.g., GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR750 Creta, GL-AX1800 Flint, GL-MT300N-V2 Mango, GL-XE3000 Puli AX, etc.). Connected sources describe a vulnerability in the Download Interface component wh...