CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•3 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS

CVE•added yesterday•8 views

CVE-2026-11416

Summary: MoviePilot is affected by a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers. The local destination path is built by concatenating the configured download directory with a filename taken directly from remote cloud API metadata, without basename...

8.1CVSS5.6AI score

ATTACKERKB•added yesterday•3 views

CVE-2026-11416

8.1CVSS5.6AI score

Exploits0References4

EUVD•added yesterday•4 views

EUVD-2026-34920

8.1CVSS5.6AI score

Cvelist•added yesterday•5 views

CVE-2026-11416 MoviePilot Path Traversal via Cloud Storage Download Handlers

8.1CVSS

EUVD•added yesterday•4 views

EUVD-2026-34919

8.3CVSS5.5AI score

ATTACKERKB•added yesterday•5 views

CVE-2026-11431

8.3CVSS5.5AI score

Exploits0References2

Cvelist•added yesterday•11 views

CVE-2026-11423 Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

9.4CVSS

RedhatCVE•added yesterday•3 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5CVSS5.6AI score0.00564EPSS

RedhatCVE•added yesterday•1 views

CVE-2026-10581

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5CVSS6.2AI score0.00029EPSS

6.5CVSS6AI score0.00043EPSS

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

5.8CVSS5.2AI score0.00047EPSS

CVE-2026-6220

A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possibl...

8CVSS6AI score0.00136EPSS

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

RedhatCVE•added yesterday•3 views

CVE-2025-62619

Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality...

6.3CVSS5.5AI score0.00097EPSS

6CVSS5.4AI score0.00051EPSS

CVE-2025-62625

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality...

RedhatCVE•added yesterday•3 views

CVE-2026-7132

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

6.9CVSS5.6AI score0.00062EPSS

RedhatCVE•added yesterday•1 views

CVE-2026-7257

UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...

4.4CVSS5.4AI score0.00015EPSS

6.3CVSS5.5AI score0.0003EPSS

CVE-2026-7879

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

4.6CVSS5.2AI score0.00023EPSS

CVE-2026-47782

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...