Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

Missing Support for Integrity Check

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Support for Integrity Check through the download process. An attacker can cause unauthorized or malicious plugin archives to be installed by providing tampered or unverified files...

Google Chrome: Input validation error vulnerability

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of unreliable inputs during the download process...

CVE-2024-48538

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file...

PT-2024-33145 · Unknown · Dreamcatcher Life

Name of the Vulnerable Software and Affected Versions: DreamCatcher Life version 1.8.7 Description: The issue is related to incorrect access control in the firmware update and download processes. This allows attackers to access sensitive information by analyzing the code and data within the APK...

PT-2024-33143 · Ivy Smart · Ivy Smart

Name of the Vulnerable Software and Affected Versions: IVY Smart version 4.5.0 Description: The issue is related to incorrect access control in the firmware update and download processes. This allows attackers to access sensitive information by analyzing the code and data within the APK file...

CVE-2023-0700

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

The vulnerability of the McAfee Total Protection download client allows a hacker to execute arbitrary code.

The vulnerability of the McAfee Total Protection antivirus protection software’s download process is related to the use of an unreliable search path during the download of dynamic DLL libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code...

Downloading entire Vulners.com database in 5 minutes

Today I once again would like to talk about Vulners.com and why, in my opinion, it is the best vulnerability database that exist nowadays and a real game-changer. The main thing is transparency. Using Vulners you not only can search for security content see "Vulners – Google for hacker", but...

Path traversal

Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System UCS allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706...