CVE-2025-11692 Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion

The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the...

CVE-2022-29720

74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php...

Arbitrary File Download Vulnerability in ZTE ZXECS EBG2800

The ZXECS EBG2800 is a converged communications product that integrates data, voice, security, behavior management and rich value-added business applications into a single system, providing a variety of functions required by enterprises in a modular format. An arbitrary file download vulnerabilit...

PI Engine Arbitrary File Download Vulnerability

PI Engine is an open-source CMS system that is more widely used within some Internet companies. The /download.php page of PI Engine is used to provide the file download function, but the function does not impose any restriction on file types, and there are flaws in the checking of paths, so an...