6 matches found
CVE-2026-42883
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining...
CVE-2026-3000 Changing|IDExpert Windows Logon Agent - Remote Code Execution
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them...
EUVD-2026-9147
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them...
EUVD-2025-202032
Cross-Site Request Forgery CSRF vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery.This issue affects Media Library File Download: from n/a through = 1.4...
The vulnerability of the AdskAccessServiceHost service in the Autodesk Installer installation process allows a hacker to escalate their privileges and execute arbitrary code.
The vulnerability of the AdskAccessServiceHost service in the Autodesk Installer installation program is related to an incorrect definition of the link before accessing the file during the download of dynamically linked libraries. Exploiting this vulnerability can allow an attacker to increase...
Raonwiz K Upload Parameter Injection Vulnerability
Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. A security vulnerability exists in RAONWIZ K Upload 2018.0.2.51 and earlier versions. An attacker can use the vulnerability to modify parameters, download arbitrary DLL files and perform injection operations...