59 matches found
CVE-2018-25437
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...
CVE-2026-35446
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...
EUVD-2026-33886
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...
CVE-2026-7879
In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...
CVE-2026-35446 LORIS has a path traversal in FilesDownloadHandler
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...
CVE-2026-35446 LORIS has a path traversal in FilesDownloadHandler
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...
EUVD-2026-20580
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...
Microsoft Graph Advanced Intelligence Collector
This Metasploit auxiliary module interacts with the Microsoft Graph API to perform advanced intelligence collection in Microsoft 365 environments. The module supports Azure AD application authentication or direct access tokens and enables enumeration of Azure users, SharePoint sites, OneDrive...
Intelbras Router RF 301K: Access control error vulnerability
The Intelbras Router RF 301K is a router produced by the Brazilian company Intelbras. Version 1.1.2 of the Intelbras Router RF 301K contains an access control vulnerability. This vulnerability stems from an authentication bypass mechanism, which may lead to the download of the router’s...
CVE-2026-1330 HAMASTAR Technology|MeetingHub - Arbitrary File Read
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
V-SOL GPON/EPON OLT Platform 安全漏洞
V-SOL GPON/EPON OLT Platform is an optical line terminal management platform from China Semiconductor V-SOL. A security vulnerability exists in V-SOL GPON/EPON OLT Platform version 2.03, which originates from unauthenticated information disclosure and could result in the downloading of...
EUVD-2025-34435
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
EUVD-2019-15510
Malware in sbrugna...
EUVD-2008-6550
Malware in sbrugna...
EUVD-2025-25509
Malicious code in bioql PyPI...
EUVD-2023-52425
Malicious code in bioql PyPI...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
CVE-2024-12493
The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2019-5942
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'...
CVE-2024-12493
CVE-2024-12493 affects the WordPress plugin Files Download Delay (WordPress plugin Files Download Delay). It describes a Stored Cross‑Site Scripting vulnerability in the plugin's fddwrap shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Affected are...