27 matches found
EUVD-2026-34049
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...
EUVD-2026-26818
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
CVE-2026-5337
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
WordPress plugin Frontend File Manager Plugin security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...
CVE-2026-1280
CVE-2026-1280 affects the WordPress Frontend File Manager Plugin, versions up to 23.5. The vulnerability stems from a missing capability check on the AJAX action wpfm_send_file_in_email, allowing unauthenticated attackers to share arbitrary uploaded files by supplying a file_id. File IDs are sequ...
CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
WordPress Frontend File Manager plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend File Manager versions <= 23.5...
EUVD-2005-3501
Malware in sbrugna...
EUVD-2005-4422
Malware in sbrugna...
CVE-2024-25513
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx...
CVE-2025-0742
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by other users by changing the "FILEID" of the endpoint "/embedai/files/show/"...
CVE-2024-25523
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx...
CVE-2024-25523
RuvarOA v6.01 and v12.01 are affected by an SQL injection vulnerability in the /filemanage/file_memo.aspx endpoint, exploitable via the file_id parameter. Root cause: lack of input validation against external SQL input. Impact (per sources): potential unauthorized data theft and data integrity/av...
CVE-2024-25513
CVE-2024-25513 affects RuvarOA v6.01 and v12.01, with a SQL injection vulnerability exploitable through the file_id parameter of /CorporateCulture/kaizen_download.aspx. The issue arises from lack of input validation on external SQL input, enabling an attacker to execute arbitrary SQL commands and...