Lucene search
+L

41 matches found

github
github
added 2026/03/05 6:26 p.m.21 views

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

9.8CVSS6AI score0.22162EPSS
Exploits13References6Affected Software1
redhatcve
redhatcve
added 2026/01/07 9:11 a.m.6 views

CVE-2025-1070

CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded...

8.1CVSS6.8AI score0.00458EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-0216

Malware in sbrugna...

9.3CVSS8.1AI score0.01682EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-10021

Malware in sbrugna...

4.3CVSS4.8AI score0.01184EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0899

Malware in sbrugna...

5CVSS9.3AI score0.01556EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-13867

Malware in sbrugna...

5.3CVSS5.5AI score0.01301EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-4407

Malware in sbrugna...

4.3CVSS6.4AI score0.01083EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-2302

Malware in sbrugna...

9.3CVSS6.2AI score0.03814EPSS
Exploits1References7
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-18380

Malware in sbrugna...

9.8CVSS8.7AI score0.02531EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27742

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00555EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3588

Malicious code in bioql PyPI...

8.6CVSS7.2AI score0.01279EPSS
Exploits0References25
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34759

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00849EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-40404

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00572EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/07/22 10:18 a.m.4 views

CVE-2025-7899 Insecure Direct Object Reference in extension "powermail" (powermail)

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...

6CVSS6.5AI score0.00275EPSS
Exploits0References1
nessus
nessus
added 2025/07/02 12:0 a.m.5 views

RHEL 8 : thunderbird (RHSA-2025:10165)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:10165 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Unsolicited File Download, Disk Space Exhaustio...

9.8CVSS6.6AI score0.03123EPSS
Exploits0References8
osv
osv
added 2025/05/29 9:33 a.m.4 views

SUSE-SU-2025:01660-2 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

8.1CVSS5.9AI score0.00378EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/05/23 8:4 a.m.11 views

CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS6.8AI score0.0033EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:41 a.m.9 views

CVE-2024-52921

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block...

5.3CVSS6.9AI score0.00428EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:50 p.m.6 views

CVE-2022-2981

The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup...

4.9CVSS6.6AI score0.00859EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 8:58 a.m.10 views

CVE-2019-9802

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

7.5CVSS6AI score0.01127EPSS
Exploits0References1
Rows per page
Query Builder