Lucene search
K

6 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-408 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

9CVSS6.7AI score0.0226EPSS
Exploits1References6
NVD
NVD
added 2026/05/16 4:16 p.m.16 views

CVE-2020-37246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9CVSS0.00673EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:26 p.m.9 views

CVE-2020-37246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9CVSS5.9AI score0.00673EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/16 3:26 p.m.16 views

CVE-2020-37246

The CVE affects the WordPress plugin Supsystic Backup 2.3.9 . A local file inclusion (LFI) flaw arises from manipulating the download parameter in admin.php with directory traversal sequences, enabling unauthenticated attackers to read arbitrary files (e.g., /etc/passwd) and to delete files via t...

6.9CVSS5.9AI score0.00673EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

WordPress plugin WP-DownloadManager 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

2.7CVSS6AI score0.00718EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-52691

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00468EPSS
Exploits0References2
Rows per page
Query Builder