Lucene search
K

59 matches found

NVD
NVD
added 2026/06/15 2:16 p.m.13 views

CVE-2018-25437

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...

8.7CVSS0.00287EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.11 views

CVE-2026-35446

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...

8.6CVSS5.5AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 7:48 a.m.11 views

EUVD-2026-33886

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...

4.3CVSS5.9AI score0.00198EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:7 p.m.8 views

CVE-2026-7879

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/08 6:28 p.m.21 views

CVE-2026-35446 LORIS has a path traversal in FilesDownloadHandler

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...

7.7CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:28 p.m.4 views

CVE-2026-35446 LORIS has a path traversal in FilesDownloadHandler

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...

7.7CVSS5.9AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:28 p.m.1 views

EUVD-2026-20580

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...

7.7CVSS5.9AI score0.00231EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.2 views

Microsoft Graph Advanced Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform advanced intelligence collection in Microsoft 365 environments. The module supports Azure AD application authentication or direct access tokens and enables enumeration of Azure users, SharePoint sites, OneDrive...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Intelbras Router RF 301K: Access control error vulnerability

The Intelbras Router RF 301K is a router produced by the Brazilian company Intelbras. Version 1.1.2 of the Intelbras Router RF 301K contains an access control vulnerability. This vulnerability stems from an authentication bypass mechanism, which may lead to the download of the router’s...

8.7CVSS5.8AI score0.00364EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/22 8:29 a.m.28 views

CVE-2026-1330 HAMASTAR Technology|MeetingHub - Arbitrary File Read

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

8.7CVSS0.00608EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.4 views

V-SOL GPON/EPON OLT Platform 安全漏洞

V-SOL GPON/EPON OLT Platform is an optical line terminal management platform from China Semiconductor V-SOL. A security vulnerability exists in V-SOL GPON/EPON OLT Platform version 2.03, which originates from unauthenticated information disclosure and could result in the downloading of...

8.7CVSS6.4AI score0.00355EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/14 4:58 p.m.5 views

EUVD-2025-34435

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

4.9CVSS6.4AI score0.00319EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-15510

Malware in sbrugna...

4.3CVSS5.1AI score0.01264EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-6550

Malware in sbrugna...

6.8CVSS6.4AI score0.00627EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25509

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00502EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-52425

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01314EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:9 a.m.5 views

CVE-2024-12493

The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 a.m.9 views

CVE-2019-5942

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'...

4.3CVSS6.5AI score0.01264EPSS
Exploits0References1
CVE
CVE
added 2025/01/09 11:10 a.m.40 views

CVE-2024-12493

CVE-2024-12493 affects the WordPress plugin Files Download Delay (WordPress plugin Files Download Delay). It describes a Stored Cross‑Site Scripting vulnerability in the plugin's fddwrap shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Affected are...

6.4CVSS5.7AI score0.00306EPSS
Exploits0References3
Rows per page
Query Builder