37 matches found
CVE-2026-57571
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...
CVE-2026-57571
CVE-2026-57571 affects Crawl4AI prior to version 0.9.0. The vulnerability arises when saving downloaded files: the destination filename is taken from attacker-controlled input and joined to the downloads directory without confinement. If the filename contains an absolute path or traversal, it esc...
GHSA-CCC3-FVFX-MW3V MobSF Path Traversal in GET /download/<filename> using absolute filenames
Summary The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWDDIR e.g., .../downloadsbak,...
PT-2025-35521
Name of the Vulnerable Software and Affected Versions MobSF version 4.4.0 Description The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the intended download directory from neighboring directories with...
PT-2025-40457
Name of the Vulnerable Software and Affected Versions Unity versions 2017.1 through 6000.3 Description A critical vulnerability exists in the Unity Runtime, potentially allowing attackers to execute arbitrary code on systems running applications built with affected versions of the engine. This...
Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser
Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control TCC framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is track...
CVE-2024-2209
HP DeskJet printers are affected by CVE-2024-2209 in the Printer Firmware Update Utility (FUU) bundle. A user with administrative privileges can replace the original DLL in the FUU bundle with a malicious DLL of the same name and place it in the Windows default downloads directory, potentially ca...
CVE-2023-1663
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
Design/Logic Flaw
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
CVE-2023-1663 Authenticated Resources Accessible via Forced Browsing
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
PT-2023-17153 · Synopsys +1 · Coverity +1
Name of the Vulnerable Software and Affected Versions: Coverity versions prior to 2023.3.2 Description: The issue is related to forced browsing, which exposes authenticated resources to unauthorized actors due to an insecurely configured servlet mapping for the underlying Apache Tomcat server. Th...
SUSE CVE-2012-4206
Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory...
CVE-2021-20153
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...
CVE-2018-8909
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala...
CVE-2018-8909
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala...
Fortinet Installer Client 5.6 DLL Hijacking
Affected Product: Fortinet Installer Client 5.6 for Windows PC Credit: Souhardya Sardar and Rohit Bankoti Contact : github.com/Souhardya Summary: Fortinet Installer contains a privilege escalation vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the...
Skype 7.16.0.102 DLL Hijacking
Vulnerability Title: Skype Insecure Library Loading Vulnerability api-ms-win-core-winrt-string-l1-1-0.dll Affected Product: Skype Vendor Homepage: https://www.microsoft.com/en-us/ MSRC Case 32355 TRK:0001002846 CVE-ID : CVE-2017-6517 Severity: Medium Description: Microsoft Skype contains a DLL...
Eclipse DLL Hijacking
Hi @ll, eclipse-inst-win32.exe and of course eclipse-inst-win64.exe too loads and executes multiple DLLs in version 4.5 also CMD.EXE from its "application directory". version 4.5 "Mars" on Windows 7: UXTheme.dll, WindowsCodecs.dll, AppHelp.dll, SrvCli.dll, Slc.dll, NTMarta.dll, ProfAPI.dll,...
ownCloud: ownCloud 2.2.2.6192 DLL Hijacking Vulnerability
Summary ownCloud contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by 'ownCloud-2.2.2.6192-setup.exe' improperly. And it allows an attacker to load...
f.lux DLL Hijacking
Aloha, f.lux suffers from a DLL hijacking vulnerability. "flux-setup.exe" loads and executes dll from its "application directory". For software downloaded with a web browser the applicationdirectory is typically the user's "Downloads" directory: see , and for "prior art" about this well-known and...