41 matches found
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
Summary The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...
CVE-2025-1070
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded...
EUVD-2019-0216
Malware in sbrugna...
EUVD-2016-10021
Malware in sbrugna...
EUVD-2013-0899
Malware in sbrugna...
EUVD-2019-13867
Malware in sbrugna...
EUVD-2007-4407
Malware in sbrugna...
EUVD-2008-2302
Malware in sbrugna...
EUVD-2019-18380
Malware in sbrugna...
EUVD-2025-27742
Malicious code in bioql PyPI...
EUVD-2022-3588
Malicious code in bioql PyPI...
EUVD-2022-34759
Malicious code in bioql PyPI...
EUVD-2024-40404
Malicious code in bioql PyPI...
CVE-2025-7899 Insecure Direct Object Reference in extension "powermail" (powermail)
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...
RHEL 8 : thunderbird (RHSA-2025:10165)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:10165 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Unsolicited File Download, Disk Space Exhaustio...
SUSE-SU-2025:01660-2 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...
CVE-2024-51749
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...
CVE-2024-52921
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block...
CVE-2022-2981
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup...
CVE-2019-9802
If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...