Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11 matches found

ATTACKERKB
ATTACKERKBadded 2026/03/16 10:2 a.m.3 views

CVE-2026-4233

A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was...

5.3CVSS5.5AI score0.00068EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/05/22 10:14 p.m.8 views

CVE-2022-36671

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...

7.5CVSS7.5AI score0.00148EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:26 p.m.5 views

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...

7.5CVSS7AI score0.47506EPSS
Exploits3References1
Positive Technologies
Positive Technologiesadded 2024/02/27 12:0 a.m.3 views

PT-2024-15650 · Git +2 · Anything-Llm +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A user who is already privileged as manager or admin can exploit this issue by setting their profile picture via the frontend API using a relative...

9.6CVSS6.9AI score0.00849EPSS
Exploits1References7
OSV
OSVadded 2022/09/01 3:15 a.m.14 views

CVE-2022-36671

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...

7.5CVSS7.5AI score
Exploits0References1
NVD
NVDadded 2022/09/01 3:15 a.m.12 views

CVE-2022-36671

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...

7.5CVSS0.00148EPSS
Exploits1References1
Prion
Prionadded 2022/09/01 3:15 a.m.17 views

Arbitrary file deletion

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...

5CVSS7.6AI score0.00148EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2021/11/22 9:15 a.m.1 views

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...

7.5CVSS6AI score
Exploits0References2
NVD
NVDadded 2021/11/22 9:15 a.m.11 views

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...

7.5CVSS0.47506EPSS
Exploits3References2
Cvelist
Cvelistadded 2021/11/22 8:34 a.m.12 views

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...

7.7AI score0.47506EPSS
Exploits3References2
CVE
CVEadded 2021/11/22 8:34 a.m.65 views

CVE-2021-38146

CVE-2021-38146 affects Wipro Holmes Orchestrator 20.4.1. The vulnerability is an unauthenticated, absolute path traversal in the File Download API (POST /home/download, SearchString parameter) that allows reading arbitrary server files. CVSS v3.1 base score 7.5 (HIGH) with network access, low att...

7.5CVSS7.4AI score0.47506EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder