30 matches found
Fake BlueWallet steals passwords, accounts, and crypto from Macs
A fake website impersonating BlueWallet, a real Bitcoin wallet, is targeting Mac users with a simple but effective attack. BlueWallet itself has not been compromised. Instead, cybercriminals have stolen the name and branding of the legitimate Bitcoin wallet to make a malicious download appear...
Astra Linux - vulnerability in Firefox
When downloading an HTML file, if the title of the page is formatted as a filename with a malicious extension, Firefox may save the file with that extension. This could lead to potential system compromise if the downloaded file is later executed. This vulnerability affects Firefox versions earlie...
CVE-2026-35385
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode)...
GHSA-RC55-58F4-687G Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents
This vulnerability allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files...
CVE-2025-5335
A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution...
Apple macOS security vulnerability
Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 15.3, which originates from a file downloaded from the Internet where the quarantine flag may not be applied...
Scalefusion kiosk security vulnerability
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2, which stems from a file download that may occur, resulting in the inability to properly restrict users from using the Ed...
CVE-2013-2513
The flashtool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file...
Command injection
The flashtool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file...
PT-2023-33002 · Ez Systems +1 · Ezpublish-Kernel +2
Name of the Vulnerable Software and Affected Versions: Ibexa DXP and eZ Platform (affected versions not specified); ezsystems/ezpublish-kernel (affected versions not specified). Description: The issue allows specifying the name of the downloaded file in the route used for file downloads, which could le...
SUSE CVE-2014-1480
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site...
SUSE CVE-2019-5774
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file...
CVE-2022-45415
When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later run. This vulnerability affects Firefox 107...
Sencha Connect Access Control Error Vulnerability
Sencha Connect is a JavaScript-based codebase from Sencha, Inc. that provides extended functionality for the Node http server. Sencha Connect suffers from an access control error vulnerability that stems from the content of a file downloaded by downloadFileFromResponse being visible to all other...
CVE-2020-15651
A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS 28...
UBUNTU-CVE-2019-17019
When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. Note: this issue only occurs on Windows. Other operating systems are unaffected...
CVE-2019-0801
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded. The update...
CVE-2019-5774
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file...
CVE-2015-7888
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded ...