Lucene search
K

8 matches found

Nuclei
Nuclei
added 9 hours ago23 views

Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download

Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...

8.7CVSS7.1AI score0.01461EPSS
Exploits1References5
EUVD
EUVD
added 2025/11/13 12:30 a.m.7 views

EUVD-2021-34715

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...

8.7CVSS6.4AI score0.01461EPSS
Exploits1References8
NVD
NVD
added 2025/11/12 10:15 p.m.4 views

CVE-2021-4463

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...

8.7CVSS0.01461EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/11/12 10:7 p.m.8 views

CVE-2021-4463 Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...

8.7CVSS0.01461EPSS
Exploits1References7
CVE
CVE
added 2025/11/12 10:7 p.m.17 views

CVE-2021-4463

CVE-2021-4463 affects Longjing Technology BEMS API versions up to 1.21. The vulnerability exists in the downloads endpoint where the fileName parameter is not properly sanitized, enabling an attacker to perform path traversal and download arbitrary files outside the intended directory without aut...

8.7CVSS6.5AI score0.01461EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/11/12 10:7 p.m.3 views

CVE-2021-4463 Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...

8.7CVSS6.5AI score0.01461EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.4 views

Longjing BEMS API 安全漏洞

The Longjing BEMS API is an interface to the Battery Energy Management System BEMS from China's Longjing. A security vulnerability exists in Longjing BEMS API version 1.21 and earlier, which stems from an arbitrary file download issue in the downloads endpoint that could result in access to...

8.7CVSS9.1AI score0.01461EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.6 views

PT-2025-46728

Name of the Vulnerable Software and Affected Versions Longjing Technology BEMS API versions up to and including 1.21 Description The software contains an unauthenticated arbitrary file download issue in the 'downloads' endpoint. The fileName parameter lacks proper sanitization, enabling attackers...

8.7CVSS6.8AI score0.01461EPSS
Exploits1References9
Rows per page
Query Builder