Lucene search
K

6 matches found

NVD
NVD
added 2026/05/11 8:25 p.m.22 views

CVE-2026-42883

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining...

6.5CVSS0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/02 6:3 a.m.21 views

CVE-2026-3000 Changing|IDExpert Windows Logon Agent - Remote Code Execution

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them...

9.8CVSS0.00507EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/02 6:3 a.m.6 views

EUVD-2026-9147

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them...

9.8CVSS6.2AI score0.00507EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-202032

Cross-Site Request Forgery CSRF vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery.This issue affects Media Library File Download: from n/a through = 1.4...

6.4AI score0.00111EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/12/04 12:0 a.m.7 views

The vulnerability of the AdskAccessServiceHost service in the Autodesk Installer installation process allows a hacker to escalate their privileges and execute arbitrary code.

The vulnerability of the AdskAccessServiceHost service in the Autodesk Installer installation program is related to an incorrect definition of the link before accessing the file during the download of dynamically linked libraries. Exploiting this vulnerability can allow an attacker to increase...

7.8CVSS7.4AI score0.00225EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/05/22 12:0 a.m.2 views

Raonwiz K Upload Parameter Injection Vulnerability

Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. A security vulnerability exists in RAONWIZ K Upload 2018.0.2.51 and earlier versions. An attacker can use the vulnerability to modify parameters, download arbitrary DLL files and perform injection operations...

9.8CVSS7.3AI score0.00689EPSS
Exploits0References1
Rows per page
Query Builder