Sante PACS Server.exe - Path Traversal Information Disclosure

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. id: CVE-2025-2264 info: name: Sante PACS Server.exe - Path Traversal...

WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download

Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers access arbitrary files on the server, exploit requires no specific privileges or user interaction. id: CVE-2025-47445 info: name: WordPress Eventin Themewinter ≤ 4.0.26 - Arbitrary File Download...

SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

GDidees CMS v3.9.1 - Arbitrary File Download

GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /admin/imgdownload.php. id: CVE-2023-27179 info: name: GDidees CMS v3.9.1 - Arbitrary File Download author: theamanrawat severity: high description: | GDidees CMS v3.9.1 a...

WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF

WordPress Automatic plugin 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This...

Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...

Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download

Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...

EUVD-2026-36941

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

CVE-2026-49061

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

CVE-2026-39489

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

EUVD-2026-36870

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

CVE-2026-49061 WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

CVE-2026-49061

CVE-2026-49061 : Unauthenticated arbitrary file download in the WordPress plugin WPC Product Options for WooCommerce (versions

CVE-2026-49061 WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

CVE-2026-39489 WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

CVE-2026-39489

The CVE-2026-39489 entry details a vulnerability in WordPress Download Monitor plugin versions

CVE-2026-39489 WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

CVE-2018-25437 WordPress CherryFramework Themes 3.1.4 Backup File Download

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...

CVE-2016-20081

HB Audio Gallery Lite 1.0.0 (WordPress) has a path traversal in audio-download.php via the file_path parameter that allows unauthenticated access to arbitrary files outside the gallery directory (e.g., wp-config.php). Root cause: inadequate validation of the file_path input. The connected documen...