3933 matches found

Nuclei
added yesterday, 36 views

Z-Downloads < 1.11.7 - Cross-Site Scripting

The plugin does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript. id: CVE-2024-8673 info: name: Z-Downloads < 1.11.7 - Cross-Site Scripting author: Splint3r7 severity: low description: | The plugin does not properly validate uploaded files...

9.1 CVSS, 5.8 AI score, 0.01631 EPSS
Exploits 1, References 1

Nuclei
added yesterday, 20 views

Easy Digital Downloads - Privilege Escalation

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...

9.8 CVSS, 7.3 AI score, 0.031 EPSS
Exploits 0, References 3

Nuclei
added yesterday, 29 views

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edddownloadsearch action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8 CVSS, 7.4 AI score, 0.11172 EPSS
Exploits 2, References 5

Nuclei
added yesterday, 11 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads <= 3.2.12 - SQL Injecti...

9.8 CVSS, 5.8 AI score, 0.02588 EPSS
Exploits 0, References 3

Nuclei
added yesterday, 34 views

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5 CVSS, 7.3 AI score, 0.53008 EPSS
Exploits 3, References 3

Nuclei
added yesterday, 19 views

WordPress Candidate Application Form <= 1.3 - Local File Inclusion

WordPress Candidate Application Form <= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form <= 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...

7.5 CVSS, 7.3 AI score, 0.08833 EPSS
Exploits 1, References 5

Nuclei
added yesterday, 18 views

Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download

Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...

8.7 CVSS, 7.3 AI score, 0.01378 EPSS
Exploits 1, References 5

NVD
added 2 days ago, 4 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4 CVSS, 0.00357 EPSS
Exploits 0, References 2

EUVD
added 2 days ago, 5 views

EUVD-2026-40611

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

6.2 AI score, 0.00354 EPSS
Exploits 0, References 3

EUVD
added 2 days ago, 5 views

EUVD-2026-40477

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

6.1 AI score, 0.00324 EPSS
Exploits 0, References 3

OSV
added 3 days ago, 2 views

DEBIAN-CVE-2026-13925

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

7.5 CVSS, 6.2 AI score, 0.00354 EPSS
Exploits 0, References 1

OSV
added 3 days ago, 4 views

DEBIAN-CVE-2026-13791

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

8.1 CVSS, 6.1 AI score, 0.00324 EPSS
Exploits 0, References 1

NVD
added 3 days ago, 5 views

CVE-2026-13791

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

8.1 CVSS, 0.00324 EPSS
Exploits 0, References 2

CVE
added 3 days ago, 7 views

CVE-2026-13925

CVE-2026-13925 concerns an inappropriate implementation in Chrome’s Downloads on Windows, prior to version 150.0.7871.47. The vulnerability enables remote code execution when a user is convinced to perform specific UI gestures on a crafted HTML page. Affected software is Google Chrome (Windows); ...

7.5 CVSS, 6.2 AI score, 0.00354 EPSS
Exploits 0, References 2, Affected Software 1

Debian CVE
added 3 days ago, 5 views

CVE-2026-13925

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

7.5 CVSS, 6.2 AI score, 0.00354 EPSS
Exploits 0

Cvelist
added 3 days ago, 21 views

CVE-2026-13925

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

0.00354 EPSS
Exploits 0, References 2

Debian CVE
added 3 days ago, 3 views

CVE-2026-13791

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

8.1 CVSS, 6.1 AI score, 0.00324 EPSS
Exploits 0

NVD
added 2026/06/25 7:16 p.m., 6 views

CVE-2026-56768

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8 CVSS, 0.00381 EPSS
Exploits 0, References 5

CVE
added 2026/06/24 8:19 p.m., 12 views

CVE-2026-52799

Gogs (version

7.5 CVSS, 5.9 AI score, 0.00422 EPSS
Exploits 0, References 2

Cvelist
added 2026/06/22 12:54 p.m., 29 views

CVE-2026-56448 Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

8.3 CVSS, 0.00292 EPSS
Exploits 0, References 1