33 matches found
CVE-2026-9712
When creating an export through the pretix API, API clients are returned a UUID value for their export job, a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...
CVE-2026-42501
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...
Incus does not verify combined fingerprint when downloading images from simplestreams servers
Summary: A lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Details: Incus image...
EUVD-2018-16959
Malware in sbrugna...
EUVD-2020-30691
Malware in sbrugna...
EUVD-2002-0024
Malware in sbrugna...
EUVD-2004-2649
Malware in sbrugna...
EUVD-2025-0094
Malicious code in bioql PyPI...
EUVD-2025-21377
Malicious code in bioql PyPI...
CVE-2015-10142
Sitecore Experience Platform (XP) prior to 8.0 Initial Release rev. 141212 and Content Management System (CMS) prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...
WordPress Easy Video Player Wordpress & WooCommerce Theme <= 10.0 is vulnerable to Arbitrary File Download
Software: Easy Video Player Wordpress & WooCommerce; Type: Theme; Vulnerable versions: <= 10.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Download; CVE: CVE-2025-28955; Patch priority: High; CVSS severity: High (7.5); PSID: 646c16d60f12; Credits: 0xd4rk5id3...
CVE-2024-10403
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave...
CVE-2024-0815
Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0...
SUSE CVE-2023-5850
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Medium...
CVE-2023-35934
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...
CVE-2023-29541
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux...
Brave Security Vulnerability
Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in versions prior to Brave 1.48.171, which stems from a download security check dialog that is not displayed to the user when saving a file...
CVE-2023-31250 Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
Hacktivists Leak 1.7TB of Cellebrite, 103GB of MSAB Data
By Waqas. The data is now available for download on DDoSecrets and the official website Enlace Hacktivista. This is a post from HackRead.com. Read the original post: Hacktivists Leak 1.7TB of Cellebrite, 103GB of MSAB Data...
BossCMS V1.1 Arbitrary File Download Vulnerability in Background
BossCMS is a free, open-source, independently developed PHP framework for enterprise site building, described as safe and stable. An arbitrary file download vulnerability in the BossCMS back end allows attackers to download any file on the server...